On Thu, May 18, 2000 at 01:40:15PM -0500, Frank Knobbe at Home wrote:
> The certificate is issued to a domain, you are correct. However, what
> do you think the FQDN resolves to? An IP address... Also, on the
> server you typically install a certificate to a certain IP address if
> you have more than one site/IP address on the server.

The IP address doesn't matter; you can install a certificate on a web server
for the address 10.0.0.1, and the server does not care whether or not there is
any FQDN assigned to it. The server also doesn't care about its host name. On the
other hand, the client does a lookup for www.domain.com and gets an IP
address back, let's say 1.2.3.4... now the client connects to 1.2.3.4 and
requests "GET / HTTP/1.1\nHost: www.domain.com" from the server. Since the
server is behind a masquerading box, the request will be forwarded to
10.0.0.1. But neither the server nor the client notices or cares about
that, since the certificate the server is sending to the client contains
www.domain.com and the client is only comparing the content of the common
name of the certificate with the entered URL.

BTW: wildcard certificates do not work with IE.

> In regards to load balancing, you can request certs for *.domain.com,
> and each www, www2, etc will use the same cert.

It is easier if you have multiple IP addresses assigned to the same name.
You won't need wildcard certificates and DNS is doing the load balancing for
you.

Greetings
Bernd
-- 
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
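
The name check described in the message above, as an added example that is not part of the original post: the client compares only the entered host name with the certificate's common name, so neither the public nor the masqueraded address enters the comparison. The DNS and NAT tables (including the second address pair 1.2.3.5/10.0.0.2) and the function names are constructed for illustration; the wildcard handling is the usual leftmost-label rule.

```python
# Added illustration; names, addresses and the NAT table are constructed.
DNS = {"www.domain.com": ["1.2.3.4", "1.2.3.5"]}      # two A records, one name
NAT = {"1.2.3.4": "10.0.0.1", "1.2.3.5": "10.0.0.2"}  # masquerading box
SERVER_CERT_CN = {"10.0.0.1": "www.domain.com", "10.0.0.2": "www.domain.com"}


def cn_matches(hostname, common_name):
    """Compare the name the user entered with the certificate's common name.

    A '*' is accepted only as the whole leftmost label and covers exactly
    one label, so *.domain.com matches www2.domain.com but not domain.com.
    """
    host = hostname.lower().rstrip(".").split(".")
    cn = common_name.lower().rstrip(".").split(".")
    if len(host) != len(cn):
        return False
    if cn[0] == "*":
        return len(cn) > 2 and host[0] != "" and host[1:] == cn[1:]
    return host == cn


def connect_and_verify(hostname):
    """Resolve, pass through NAT, then check the certificate per address.

    Returns (public_ip, private_ip, accepted) tuples. Neither address is
    an input to cn_matches(); only the entered hostname and the CN are.
    """
    results = []
    for public_ip in DNS[hostname]:
        private_ip = NAT[public_ip]        # forwarded by the masquerading box
        cn = SERVER_CERT_CN[private_ip]    # certificate the server presents
        results.append((public_ip, private_ip, cn_matches(hostname, cn)))
    return results


if __name__ == "__main__":
    for row in connect_and_verify("www.domain.com"):
        print(row)
```
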
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
