In message <[EMAIL PROTECTED]>, "Matt Crawford" writ es: >> The worst trouble I've had with https is that you have no way to use host >> header names to differentiate between sites that require different SSL >> certificates. > >True as written, but Netscrape ind Internet Exploder each have a hack >for honoring the same cert for multiple server names. Opera seems to >honor at least one of the two hacks, and a cert can incorporate both >at once. > > /C=US/ST=Illinois/L=Batavia/O=Fermilab/OU=Services > /CN=(alpha|bravo|charlie).fnal.gov/CN=alpha.fnal.gov > /CN=bravo.fnal.gov/CN=charlie.fnal.gov
You can also use *.fnal.gov --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book)