OK.  I think I get it.  

Looks like the simple solution would be to get a CA cert for the
short domain and provide links to the SSL portion to make sure
it is accessed via the proper URL and limit access in the SSL 
section of the site to only accept from that referring page. 

Thanks.

---------------------------------------------------------------------

Dale Weaver                               [EMAIL PROTECTED]

On Thu, 28 Feb 2002, Luciano Miguel Ferreira Rocha wrote:

> On Thu, Feb 28, 2002 at 10:23:56AM -0500, Dale Weaver wrote:
> > pretty long but I have another domain that is short.  How does modssl
> > determine which DN it is running
> > under when it compares it to the cert?  Is it DNS, httpd.conf, URL
> > accessed, hostname, etc.?
> 
> AFAIK modssl does *not* compare the cert with the DN. Only the browser does
> that.
> 
> And if both DNs point to the same IP address, how can modssl, or any server,
> know what DN the client used?
> 
> modssl returns the cert as specified in httpd.conf, under a VirtualHost
> section. And that respective VirtualHost can only be calculated by the
> destination IP address (the one the client is connecting to).
> 
> So, you'll either need to use different IP addresses for each DN, or,
> in your non-ssl site and https URLs, point to just one address.
> 
> Regards,
> Luciano Rocha
> 
> -- 
> Luciano Rocha, [EMAIL PROTECTED]
> 
> The trouble with computers is that they do what you tell them, not what
> you want.
>                 -- D. Cohen
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
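
The two options from the quoted reply, written out as an httpd.conf sketch. This is an added example, not configuration posted in the thread: the addresses (192.0.2.x), host names, certificate paths and the /secure/ path are placeholders, and it assumes the server learns only the destination IP during the handshake, as the reply describes.

```apache
# Added example. All names, addresses and paths below are placeholders.

# --- Option A: one IP address per domain name -------------------------
# The certificate is chosen by the address the client connected to,
# so each name gets its own address and its own certificate.
Listen 443

<VirtualHost 192.0.2.10:443>
    ServerName www.long-domain-name.example
    SSLEngine on
    SSLCertificateFile    /path/to/long-domain-name.crt
    SSLCertificateKeyFile /path/to/long-domain-name.key
</VirtualHost>

<VirtualHost 192.0.2.11:443>
    ServerName short.example
    SSLEngine on
    SSLCertificateFile    /path/to/short.crt
    SSLCertificateKeyFile /path/to/short.key
</VirtualHost>

# --- Option B: one address, one certificate, one HTTPS name -----------
# Only short.example has a certificate. Every https link on the non-SSL
# site uses that name, and requests for the secure area that arrive on
# the long name over plain HTTP are redirected to it, so the browser's
# name check always sees a URL host that matches the certificate.
# (Port 80 virtual hosting for the long name is assumed to exist already.)
#
# <VirtualHost 192.0.2.10:80>
#     ServerName www.long-domain-name.example
#     Redirect permanent /secure/ https://short.example/secure/
# </VirtualHost>
#
# <VirtualHost 192.0.2.10:443>
#     ServerName short.example
#     SSLEngine on
#     SSLCertificateFile    /path/to/short.crt
#     SSLCertificateKeyFile /path/to/short.key
# </VirtualHost>
```

Use one option or the other; Option B is left commented out so the fragment does not define two port-443 hosts on 192.0.2.10.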
