Hmm. Perhaps I'm mistaken

Article:		A Day in the Life of #Apache
Subject:		Hmm. Perhaps I'm mistaken
Date:		2005-03-04 14:08:54
From:		CraigBuchek
Response to: Hmm. Perhaps I'm mistaken
According to the RFC (2818 section 3.1, 4th paragraph), user agents are not supposed to accept more than 1 level of names. However, it also says that "more than one dNSName name" may be contained within a certificate, and "a match in any one of the set is considered acceptable". So that would seem to be the proper way to include multiple names in a single SSL certificate. However, I doubt that any browsers support that, or certificate generators for that matter. I could be wrong, but I couldn't find anything in Google on it.

Full Threads

Oldest First

Showing messages 1 through 2 of 2.

Hmm. Perhaps I'm mistaken
2005-03-22 13:24:17 Frank-van-Beek [Reply | View]

I might have found a solution.

On this page http://wiki.cacert.org/wiki/VhostTaskForce a couple of solutions are listed.

By combining solutions #2 and #3 I was able to have multiple domains in one certificate. See the combined solution #4 on the same page. It's supported by most mayor browsers.

Hmm. Perhaps I'm mistaken
2005-08-17 09:33:07 ErikBrooks [Reply | View]

Would you mind sharing which CA service you used and how many domains your certificate has? I am considering using this approach but would need ~20-30 domains included.

© 2008, O'Reilly Media, Inc.
(707) 827-7000 / (800) 998-9938
All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.

About O'Reilly
Privacy Policy
Contacts
Authors
Press Room
Jobs
User Groups
Academic Solutions
Newsletters
Writing for O'Reilly
RSS Feeds

Other O'Reilly Sites
O'Reilly Radar
Ignite
Tools of Change for Publishing
Digital Media
Inside iPhone
O'Reilly FYI
makezine.com
craftzine.com
hackszine.com
perl.com
xml.com

Sponsored Sites
Inside Aperture
Inside Lightroom
Inside Port 25
InsideRIA
java.net