> I am curious. IF the server certificate had a common name www.xxx.org and
> the virtual host is yyy.xxx.org, should the browser considering the server
> a fake?
If the Browser talks to yyy.x:443 he expects a X509 Cert with CN=yyy.xxx
In the case described by you the CN is invalid (from browsers point of
view).
oki,
Steffen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
