Does anyone know about a workaround/fix for the below problem? We'd
like to use a wildcard certificate ...
I tested the "wildcard" test-certificate offered by www.thawte.com
The test:
I control the DNS, so I put a "*.gmoney.com" entry in my DNS file,
and ping tested multiple names, ie. hello.mydomain.com,
xxxx.mydomain.com, etc. Everything resolves to a specific IP, which
is a box running Linux RedHat7 with preconfigured SSL and Apache
(comes already set up with RH7).
I generated a CSR with the command "make certreq", submitted it to
www.thawte.com, receieved a CRT, copied the CRT to the file
/etc/httpd/conf/ssl.crt/server.crt, and restarted apache.
Findings:
All clients connecting over SSL recieve the "non-trusted authority"
error (this is normal for a "test" certificate).
Win98 IE5 clients report "hostname matches the certificate."
Win2K IE5 clients report "hostname does not match the certificate."
Win98 NS4.7 only reports "non-trusted authority." No mention of
hostname match or not.
Win2K NS4.7 only reports "non-trusted authority." No mention of
hostname match or not.
Any and all suggestions/fixes/workarounds will be greatly appreciated.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
