[CentOS] Self-signed certificates
Jeff Lasman
blists at nobaloney.net
Tue Jan 24 00:31:08 UTC 2006
On Monday 23 January 2006 03:37 pm, Thomas E Dukes wrote:
> I have seen that but it is possible to have a secure connection using
> named based virtual hosts. Been doing it for a while, visit
> https://mail.palmettodomains.com, just trying to get the name on the
> certificate to match. I was just tring to get a separate certificate
> for other sub-domains using different/correlating naming, but it
> looks like the certificates have to be named 'server'.key or .crt.
I'm not sure of your point, Thomas.
When I visit your site: https://mail.palmettodomains.com
I get a secure site for secure.palmettodomains.com.
Which is what I'd expect with name-based hosting, and which is what the
original poster said he's trying to avoid.
There is one way to get name-based hosting to work with individual
certificates and not get name mismatch errors, and that's to set up the
secure site on a different port. And I don't recommend that if anyone
is ever going to have to type the URL into a browser; people just get
confused. My recommendation is to only do that if the connection is
only by link.
Jeff
--
Jeff Lasman, Nobaloney Internet Services
1254 So Waterman Ave., Suite 50, San Bernardino, CA 92408
Our blists address used on lists is for list email only
Phone +1 909 266-9209, or see: "http://www.nobaloney.net/contactus.html"
More information about the CentOS
mailing list