Normally, when a certificate is to be valid for more than one domain name, one name is in the "CN" field, and the others are in the "subjectAltName" extension.
But look at the cert for "https://www.ipmirror.com/". It has CN = admincms.ipmirror.com CN = business.ipmirror.cn CN = business.ipmirror.com CN = business.ipmirror.de CN = business.ipmirror.jp CN = business.ipmirror.kr CN = chat.ipmirror.com CN = customer.ipmirror.cn CN = customer.ipmirror.com CN = customer.ipmirror.de CN = customer.ipmirror.jp CN = customer.ipmirror.kr CN = demo-business.ipmirror.com CN = demo-customer.ipmirror.com CN = imap.ipmirror.com CN = netrunner.ipmirror.com CN = ote-business.ipmirror.com CN = ote-customer.ipmirror.com CN = ote-rapi.ipmirror.com CN = ote-registryconsole.ipmirror.com CN = rapi.ipmirror.com CN = rapiote.ipmirror.com CN = rcube.ipmirror.com CN = register.ipmirror.de CN = registryconsole.ipmirror.com CN = telhosting.ipmirror.com CN = www.ipmirror.com This was issued by CN = PositiveSSL CA O = Comodo CA Limited L = Salford ST = Greater Manchester C = GB Validity dates are (1/6/2010 0:00:00 AM GMT) to (7/10/2010 23:59:59 PM GMT) so it's a currently live cert from a major CA. The cert chain validates properly. Is this considered valid? John Nagle ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org