The client wants to get a cert back with a name that matches the resource it connects to. Else, you connected to a resource but got a cert for a non-matching resource, so perhaps there was something like DNS spoofing that tricked you into going there. This is potentially bad.

Set up each instance to have a cert with a name that matches the vanity URL and put that cert in the ADAM service store. Ensure the cert is marked for server auth. ADAM will pick it up directly this way, not ask SCHANNEL what the right cert is, and you can party on like it’s 1999.

There is a way to do this w/o a matching name, something about putting it in another field (perhaps it was alt subject, I’m not sure). I don’t know, I’m not much of a cert guy. I talked with the cert people once who said this should work and a customer confirmed it.

~Eric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mr Oteece

Is it possible to set up two ADAM instances and have them both respond to the same "vanity url" over ssl? Both
- RE: [ActiveDir] SSL to ADAM with a vanity URL Eric Fleischman
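
The name check described in the reply above, as an added example that is not part of the original message or of ADAM: it applies the usual RFC 6125-style rules (subjectAltName dNSName entries first, subject CN only as a fallback) to the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The host names and both certificates are constructed, and a given LDAP client's matching rules may differ.

```python
# Added example: RFC 6125-style name check over the dict shape returned by
# ssl.SSLSocket.getpeercert(). All host names below are constructed.

def _label_match(pattern, host):
    """Match one DNS name; '*' is allowed only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.test".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def names_in_cert(cert):
    """Return the DNS names a client should compare against.

    dNSName entries in subjectAltName win; the subject CN is used only
    when the cert carries no dNSName entry at all.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def cert_matches(cert, requested_name):
    """True if the name the client connected to is covered by the cert."""
    return any(_label_match(n, requested_name) for n in names_in_cert(cert))


# Constructed sample certs for two instances behind one vanity name.
VANITY = "ldap.example.test"
CERT_HOST_ONLY = {  # named after the machine only
    "subject": ((("commonName", "adam01.corp.example.test"),),),
}
CERT_WITH_SAN = {  # machine name in the subject, vanity name as a SAN
    "subject": ((("commonName", "adam02.corp.example.test"),),),
    "subjectAltName": (("DNS", "adam02.corp.example.test"), ("DNS", VANITY)),
}

if __name__ == "__main__":
    for label, cert in (("host-only", CERT_HOST_ONLY), ("with SAN", CERT_WITH_SAN)):
        print(label, "->", "match" if cert_matches(cert, VANITY) else "MISMATCH")
```

A client that connects by the vanity name rejects the host-only certificate and accepts the one that lists the vanity name as a dNSName, which is the mismatch the reply warns about.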