On Tue, 2 Oct 2001, Robert Mazur wrote:
> ssl_engine_log says:
> <snip - all good data saying ssl is coming up, then...>
> (servername.somedomain.com:443) RSA server certificate CommonName (CN)
> `www.mydomain.com' does NOT match server name!?
> This is true, but the server name does not have to be the domain name of the
> site, does it?
Peter Wainwright ("Professional Apache", p 368) says that "_browsers_
will generate a security warning if the certificate's CN (common name)
does not match the URL that the client asked for." (Emphasis added.)
Which seems reasonable.
Perhaps there is some confusion in what you mean by "server name" and
"domain name of the site". A medium-sized site might have a domain name
of 'something.com', several servers named 's1', 's2', etc., and FQDNs of
's1.something.com', etc. And in their DNS have 'www.something.com'
pointed at an IP address on one of the servers. As the http requests come
in on the 'www.something.com' URL, that's what the certificates need to
show.
> Is there something else I need to do so that my www.mydomain.com knows
> it can be preceded by an https?
That a packet comes in on port 443 implies that https protocol is proper
and expected. That _browsers_ have a convention that URLs starting with
'https' are handled in a certain manner is of no concern to the server.
If your partner makes all the right moves, the name is not important.
=== JJ =============================================================
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
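
The two name comparisons discussed in this thread, as an added example that is not part of the original messages or of mod_ssl: the server-side one behind the ssl_engine_log warning (certificate CN against the configured server name) and the client-side one (certificate CN against the host in the requested URL). The log line is the one quoted above with its two wrapped lines joined; the function names are hypothetical, and matching is done against the CN only, as in the thread, whereas current clients check the certificate's subjectAltName entries instead.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two wrapped log lines quoted in the thread, joined.
LOG_LINE = ("(servername.somedomain.com:443) RSA server certificate CommonName (CN) "
            "`www.mydomain.com' does NOT match server name!?")

WARNING_RE = re.compile(
    r"\((?P<server>[^:()\s]+):(?P<port>\d+)\).*?CommonName \(CN\) "
    r"`(?P<cn>[^']+)' does NOT match server name")

def parse_cn_warning(line):
    """Return (configured server name, port, certificate CN) or None."""
    m = WARNING_RE.search(line)
    return (m["server"].lower(), int(m["port"]), m["cn"].lower()) if m else None

def name_matches(cert_name, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*" and len(cert_labels) > 2:
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels

def client_would_warn(url, cert_cn):
    """Client-side view: compare the host in the requested URL with the CN."""
    host = urlsplit(url).hostname or ""
    return not name_matches(cert_cn, host)

if __name__ == "__main__":
    server, port, cn = parse_cn_warning(LOG_LINE)
    # Server-side view: this mismatch is what produced the log warning.
    print("server-side mismatch logged:", not name_matches(cn, server))
    # Client-side view: only the name the client actually asked for matters.
    for url in ("https://www.mydomain.com/", "https://servername.somedomain.com/"):
        print(url, "-> client warning:", client_would_warn(url, cn))
```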