>> Since they cannot know in >> advance what will be the host name that their customer will provide for the >> app or appliance (and they don't wish to burden their customer with the task >> of generating and >> installing an SSL certificate after installation), they purchase an SSL >> certificate for an internal-only domain name, and deploy the same private >> key and certificate in each app or appliance.
I appreciate the engineering difficulty/laziness that leads to this situation, but ultimately using the same private key in every box leads to projects like https://code.google.com/p/littleblackbox/ I'd have loved to drop the private key into the thread, but alas, it's not available... yet. $ ./littleblackbox -p munich.pem ERROR: Failed to locate a matching private certificate for fingerprint: AD:4F:33:6D:7E:07:E2:58:E8:A6:93:D6:42:5B:31:34:CC:7D:4A:21 -tom
