Women in Technology

Hear us Roar



Article:
  A Day in the Life of #Apache
Subject:   Hmm. Perhaps I'm mistaken
Date:   2005-03-04 14:08:54
From:   CraigBuchek
Response to: Hmm. Perhaps I'm mistaken

According to the RFC (2818 section 3.1, 4th paragraph), user agents are not supposed to accept more than 1 level of names.


However, it also says that "more than one dNSName name" may be contained within a certificate, and "a match in any one of the set is considered acceptable". So that would seem to be the proper way to include multiple names in a single SSL certificate. However, I doubt that any browsers support that, or certificate generators for that matter. I could be wrong, but I couldn't find anything in Google on it.

Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • Hmm. Perhaps I'm mistaken
    2005-03-22 13:24:17  Frank-van-Beek [View]

    I might have found a solution.

    On this page http://wiki.cacert.org/wiki/VhostTaskForce a couple of solutions are listed.

    By combining solutions #2 and #3 I was able to have multiple domains in one certificate. See the combined solution #4 on the same page. It's supported by most mayor browsers.

    • Hmm. Perhaps I'm mistaken
      2005-08-17 09:33:07  ErikBrooks [View]

      Would you mind sharing which CA service you used and how many domains your certificate has? I am considering using this approach but would need ~20-30 domains included.