Re: SSL certificates



* Tom Allison (tallison@tacocat.net) [021217 17:24]:
> This might sound kind of simple...   I hope it is...
> 
> If I have a website (eg: www.mydomain.com) and I create a 
> certificate for it, I am asked to enter in the server name for the 
> certification.
> I typically would enter server.mydomain.com.
> When I do this, I start getting errors when I attempt to connect 
> via pop-ssl or https that the certificate references an incorrect 
> server.
> 
> What's the best way to resolve this?
> re-create the SSL certificate to mydomain.com, or change the DNS 
> entries to include server.mydomain.com?

Your clients will get warning messages if the certificate's name is
different than the name they're trying to connect to.  So if the client
tries to connect to server.mydomain.com and the cert says mydomain.com,
they'll get a warning.  If they connect to mydomain.com and the cert
says server.mydomain.com, they'll get a warning.  Of course, the exact
semantics depend on the client, but that's the general idea.

So whether you change the DNS or not, what matters is that the name the
clients use to connect matches the CN on the cert.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
"Computer Science is no more about computers
than astronomy is about telescopes."  -- E.W. Dijkstra
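
The name check described in the reply above, as an added example that is not part of the original thread. It goes beyond the CN-only case in the message: per RFC 2818 a client uses subjectAltName DNS entries when the cert has any and falls back to the CN otherwise, and a single left-most wildcard label is accepted. The function names are hypothetical and the cert dictionaries are constructed sample data in the shape Python's `ssl` `getpeercert()` returns.

```python
# Added example: the name comparison a TLS client makes before it warns.
# Cert dicts are constructed samples shaped like ssl.SSLSocket.getpeercert().


def _name_match(pattern: str, host: str) -> bool:
    """Compare one presented name with the host the client connected to."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard stands for exactly one left-most label, and "*.com"
        # style patterns with fewer than three labels are refused.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_names(cert: dict) -> list:
    """DNS names the cert presents: subjectAltName if any, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 2818: the CN is ignored once a dNSName SAN exists
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_ok(cert: dict, connect_host: str) -> bool:
    """True when the client would connect without a name-mismatch warning."""
    return any(_name_match(n, connect_host) for n in cert_names(cert))


# Constructed certs for the cases discussed in the thread.
CERT_SERVER = {"subject": ((("commonName", "server.mydomain.com"),),)}
CERT_BARE = {"subject": ((("commonName", "mydomain.com"),),)}
CERT_MULTI = {
    "subject": ((("commonName", "mydomain.com"),),),
    "subjectAltName": (("DNS", "mydomain.com"), ("DNS", "*.mydomain.com")),
}

if __name__ == "__main__":
    certs = (("server", CERT_SERVER), ("bare", CERT_BARE), ("multi", CERT_MULTI))
    hosts = ("www.mydomain.com", "server.mydomain.com", "mydomain.com")
    for label, cert in certs:
        for host in hosts:
            verdict = "ok" if name_ok(cert, host) else "WARNING: name mismatch"
            print(f"{label:7} {host:22} {verdict}")
```
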
