I've been playing around with the apache and our virtual hosts. I am well aware that I could have different certs for each IP address if I were using IP based virtual hosting but I'm using name based virtual hosts.
I host a variety of domains which are not at all subdomains of my main domain. What I would like to do is have one cert for all my domains. I sort of have it working with name based virtual hosting, but in some cases, I get the following warning in Internet Explorer: "The name on the security certificate does not match the name of the site." It appears that some web browsers, Netscape for example, support a * as a wild card in the CN. For example CN=*grant.org. There's also some talk on Microsoft's web site of some versions of IE supporting this too. Though, apparently not 5.01 running on windows 98 or me. The cases seem to be: 1) I generate a cert with CN=grant.org. No complaints when I connect to https://grant.org. Both Netscape & IE complain if I connect to www.grant.org or any other of my domains. 2) I generate a cert with CN=*grant.org. No complaints when I connect to https://www.grant.org or https://grant.org from Netscape. IE complains that the name is incorrect. I can import the self-signed cert into both IE's and Netscape's trusted root ca list. 3) I generate a cert with CN=*. No complaints when I connect to any of my domains with Netscape, however IE complains that the name is incorrect. I can import the self-signed cert into Netscape's trusted root ca list but NOT IE's. Can someone tell me if there is a right way to generate a cert that works with more than one site with the various different browsers out there? Michael Grant ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
