Maybe this will be helpful to you? http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_
I am not sure how well that extension is supported in browsers and other SSL clients, or whether you can get a CA to sign a certificate that contains these extensions. But I wouldn't be surprised if there were no problems with any of that, because there are scenarios in which it's useful to have the same certificate be valid for a URL that contains a host name or IP address.

What I do know is that I used a single self-signed certificate (with subject alt names for:
IP Address=10.0.100.11
IP Address=10.0.100.12
IP Address=10.0.100.13
IP Address=10.0.100.14
) locally for testing on 4 app servers that ran a load-balanced app. We tested the app with URLs like https://10.0.100.11/ https://10.0.100.12/ and so on.

On Wed, Jul 29, 2009 at 10:44 PM, <uma...@comcast.net> wrote:
>
> My second issue is perhaps more serious: is there an underlying assumption
> with virtual hosts that they are bound by distinct security constraints?
> I mean, is there an implicit assumption, for instance, that distinct
> virtual hosts would use distinct SSL certificates?
>
> I plan to (rather, need to) use the same SSL certificate for all vHosts.
>
> Thanx again!
>
> /U
>
>

--
Why? Because YES!
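
One way to build and check a test certificate like the one described in the reply above, as an added example that is not part of the original thread and not necessarily how the poster generated theirs. The helper names, the file names, the CN `app-test`, the 30-day lifetime and the unlisted address 10.0.100.99 are assumptions made for the illustration; the four SAN addresses are the ones from the message.

```shell
#!/bin/sh
# Constructed example: one self-signed test certificate whose subjectAltName
# carries the four app-server IP addresses, plus a check that a given IP is
# really covered by the certificate (and that an unlisted one is not).

make_san_cert() {
    # $1 = output directory. Hypothetical helper, not from the thread.
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[ dn ]
CN = app-test

[ v3_san ]
subjectAltName = @alt_names

[ alt_names ]
IP.1 = 10.0.100.11
IP.2 = 10.0.100.12
IP.3 = 10.0.100.13
IP.4 = 10.0.100.14
EOF
    # -x509 makes req emit a self-signed certificate instead of a CSR.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/san.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

cert_covers_ip() {
    # $1 = certificate file, $2 = IP address.
    # Succeeds only when the address matches an IP entry in the SAN.
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

tmp=$(mktemp -d)
make_san_cert "$tmp"
for ip in 10.0.100.11 10.0.100.14 10.0.100.99; do
    if cert_covers_ip "$tmp/cert.pem" "$ip"; then
        echo "$ip: covered by SAN"
    else
        echo "$ip: NOT covered by SAN"
    fi
done
rm -rf "$tmp"
```

Running the same `-checkip` test against a certificate before deploying it to several hosts shows which addresses clients will accept it for.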