On Fri, 2011-09-16 at 13:04 -0700, Amol Chiplunkar wrote: > Any inputs on this ?
What you are asking for is that you have one certificate which works for all domain names, which kinda defeats the point of having a secure infrastructure. If your server can be accessed by different domain names you'll have to specify them in the subjectAltName field of the cert: http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_ I think you asked that before and I told you the same thing back then. Erik > On 9/15/2011 1:44 PM, Amol Chiplunkar wrote: > > Hi, > > > > This is regarding an IPS repo behind a reverse proxy that opens only > > the secure http port. > > Based on the suggestions on a previous thread, I successfully > > configured an apache web server > > instance as a reverse proxy. The hostname on which apache is running, > > is used as the CommonName > > to generate the cert. > > > > The cert is added to the truststore of the pkg command. > > And pkg command can successfully use it as the https based publisher. > > > > However, it fails to communicate if it uses anything other than the > > hostname > > in the publisher URL. > > i.e. an FQDN or an IP address. > > > > Is there a way for pkg command to not do the common name check ? > > Or is there a way around this, so that hostname, FQDN, host aliases, > > ip addresses > > can be used in the URL ? > > > > thanks > > - Amol > > > > _______________________________________________ > > pkg-discuss mailing list > > [email protected] > > http://mail.opensolaris.org/mailman/listinfo/pkg-discuss > _______________________________________________ > pkg-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/pkg-discuss _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
