[CentOS] Self-signed certificates

Tue Jan 24 00:56:23 UTC 2006
Thomas E Dukes <edukes at alltel.net>

 

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Jeff Lasman
> Sent: Monday, January 23, 2006 7:31 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Self-signed certificates
> 
> On Monday 23 January 2006 03:37 pm, Thomas E Dukes wrote:
> 
> > I have seen that but it is possible to have a secure 
> connection using 
> > named based virtual hosts.  Been doing it for a while, visit 
> > https://mail.palmettodomains.com, just trying to get the 
> name on the 
> > certificate to match.  I was just tring to get a separate 
> certificate 
> > for other sub-domains using different/correlating naming, 
> but it looks 
> > like the certificates have to be named 'server'.key or .crt.
> 
> I'm not sure of your point, Thomas.
> 
> When I visit your site: https://mail.palmettodomains.com
> 
> I get a secure site for secure.palmettodomains.com.
> 
> Which is what I'd expect with name-based hosting, and which 
> is what the original poster said he's trying to avoid.
> 
> There is one way to get name-based hosting to work with 
> individual certificates and not get name mismatch errors, and 
> that's to set up the secure site on a different port.  And I 
> don't recommend that if anyone is ever going to have to type 
> the URL into a browser; people just get confused.  My 
> recommendation is to only do that if the connection is only by link.
> 

Maybe that's what I need to do as these are not really 'public' sites and
are only used for my purposes (mail).  How would you declare port(s) 444,
445, 446, etc., as a secure/SSL site?

Thanks!!