Article: A Day in the Life of #Apache
Subject: Hmm. Perhaps I'm mistaken
Date: 2005-02-23 14:56:16
From: Rich Bowen

I could very well be mistaken. I'll investigate the issue of wildcard certs more thoroughly. I was under the impression that support for them was spotty.

Showing messages 1 through 4 of 4.
-
Hmm. Perhaps I'm mistaken
2005-03-04 03:23:47 Rich Bowen
-
Hmm. Perhaps I'm mistaken
2005-03-04 14:08:54 CraigBuchek
According to the RFC (2818 section 3.1, 4th paragraph), user agents are not supposed to accept more than 1 level of names.
However, it also says that "more than one dNSName name" may be contained within a certificate, and "a match in any one of the set is considered acceptable". So that would seem to be the proper way to include multiple names in a single SSL certificate. However, I doubt that any browsers support that, or certificate generators for that matter. I could be wrong, but I couldn't find anything in Google on it.
-
Hmm. Perhaps I'm mistaken
2005-03-22 13:24:17 Frank-van-Beek
I might have found a solution.
On this page http://wiki.cacert.org/wiki/VhostTaskForce a couple of solutions are listed.
By combining solutions #2 and #3 I was able to have multiple domains in one certificate. See the combined solution #4 on the same page. It's supported by most major browsers.
-
Hmm. Perhaps I'm mistaken
2005-08-17 09:33:07 ErikBrooks
Would you mind sharing which CA service you used and how many domains your certificate has? I am considering using this approach but would need ~20-30 domains included.



Internet Explorer 6 only recognized one level of naming for the wildcard. That is, *.example.com will match www.example.com, but will not match www.monkeys.example.com
And, of course, if you're not making the certs yourself, wildcard certs are considerably more expensive than regular ones.
Sorry for the misinformation.
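
The two matching rules discussed in this thread (a wildcard covering only one level of naming, and a match against any one of several dNSName entries being acceptable), sketched as an added example that is not part of any post above. The function names and sample certificates are hypothetical, and only a whole-label `*` is handled; partial-label wildcards are treated as literals.

```python
# Added illustration: hostnames and name lists below are constructed samples.

def label_match(pattern_label: str, host_label: str) -> bool:
    """A whole-label '*' matches exactly one non-empty label."""
    if pattern_label == "*":
        return host_label != ""
    return pattern_label == host_label


def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate dNSName with a hostname, label by label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # Requiring equal label counts means '*' can never span two levels.
    if len(p_labels) != len(h_labels):
        return False
    return all(label_match(p, h) for p, h in zip(p_labels, h_labels))


def cert_matches(dns_names: list[str], hostname: str) -> bool:
    """A match against any one dNSName in the set is acceptable."""
    return any(name_matches(name, hostname) for name in dns_names)


def report(dns_names: list[str], hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate's names cover it."""
    return {host: cert_matches(dns_names, host) for host in hostnames}


# Constructed certificates: one wildcard name, and one with several names.
WILDCARD_CERT = ["*.example.com"]
MULTI_NAME_CERT = ["www.example.com", "www.example.org", "*.example.net"]

if __name__ == "__main__":
    hosts = [
        "www.example.com",
        "www.monkeys.example.com",  # two levels below example.com
        "example.com",              # bare domain, no label for '*'
        "WWW.Example.ORG",          # DNS names compare case-insensitively
        "mail.example.net",
    ]
    for label, cert in (("wildcard", WILDCARD_CERT), ("multi", MULTI_NAME_CERT)):
        for host, ok in report(cert, hosts).items():
            print(f"{label:8} {host:26} {'match' if ok else 'NO MATCH'}")
```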