* Tom Allison (tallison@tacocat.net) [021217 17:24]: > This might sound kind of simple... I hope it is... > > If I have a website (eg: www.mydomain.com) and I create a > certificate for it, I am asked to enter in the server name for the > certification. > I typically would enter server.mydomain.com. > When I do this, I start getting errors when I attempt to connect > via pop-ssl or https that the certificate references an incorrect > server. > > What's the best way to resolve this? > re-create the SSL certificate to mydomain.com, or change the DNS > entries to include server.mydomain.com? Your clients will get warning messages if the certificate's name is different than the name they're trying to connect to. So if the client tries to connect to server.mydomain.com and the cert says mydomain.com, they'll get a warning. If they connect to mydomain.com and the cert says server.mydomain.com, they'll get a warning. Of course, the exact semantics depend on the client, but that's the general idea. So whether you change the DNS or not, what matters is that the name the clients use to connect matches the CN on the cert. good times, Vineet -- http://www.doorstop.net/ -- "Computer Science is no more about computers than astronomy is about telescopes." -- E.W. Dijkstra
Attachment:
pgpgA_iXDZNPP.pgp
Description: PGP signature