Normally, when a certificate is to be valid for more than one
domain name, one name is in the CN field, and the others are in
the subjectAltName extension.
But look at the cert for https://www.ipmirror.com/;. It has
CN = admincms.ipmirror.com
CN = business.ipmirror.cn
CN = business.ipmirror.com
CN = business.ipmirror.de
CN = business.ipmirror.jp
CN = business.ipmirror.kr
CN = chat.ipmirror.com
CN = customer.ipmirror.cn
CN = customer.ipmirror.com
CN = customer.ipmirror.de
CN = customer.ipmirror.jp
CN = customer.ipmirror.kr
CN = demo-business.ipmirror.com
CN = demo-customer.ipmirror.com
CN = imap.ipmirror.com
CN = netrunner.ipmirror.com
CN = ote-business.ipmirror.com
CN = ote-customer.ipmirror.com
CN = ote-rapi.ipmirror.com
CN = ote-registryconsole.ipmirror.com
CN = rapi.ipmirror.com
CN = rapiote.ipmirror.com
CN = rcube.ipmirror.com
CN = register.ipmirror.de
CN = registryconsole.ipmirror.com
CN = telhosting.ipmirror.com
CN = www.ipmirror.com
This was issued by
CN = PositiveSSL CA
O = Comodo CA Limited
L = Salford
ST = Greater Manchester
C = GB
Validity dates are
(1/6/2010 0:00:00 AM GMT) to (7/10/2010 23:59:59 PM GMT)
so it's a currently live cert from a major CA. The
cert chain validates properly.
Is this considered valid?
John Nagle
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org