----- Original Message -----
From: Lin <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 12, 1999 2:45 AM
Subject: Re: forcing secure via name (off topic?)
> I am curious. IF the server certificate had a common name www.xxx.org and
> the virtual host is yyy.xxx.org, should the browser considering the server
> a fake?
>
Yes, unless you have a Thawte wildcard certificate for *.xxx.org, which I
think don't work in some older browsers. Verisign don't do wildcard certs.
If the domain in the browser doesn't match the CN on the cert then it's an
error.
Cheers,
Simon Garner.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
