[CentOS] Self-signed certificates

Tue Jan 24 00:31:08 UTC 2006
Jeff Lasman <blists at nobaloney.net>

On Monday 23 January 2006 03:37 pm, Thomas E Dukes wrote:

> I have seen that but it is possible to have a secure connection using
> named based virtual hosts.  Been doing it for a while, visit
> https://mail.palmettodomains.com, just trying to get the name on the
> certificate to match.  I was just tring to get a separate certificate
> for other sub-domains using different/correlating naming, but it
> looks like the certificates have to be named 'server'.key or .crt.

I'm not sure of your point, Thomas.

When I visit your site: https://mail.palmettodomains.com

I get a secure site for secure.palmettodomains.com.

Which is what I'd expect with name-based hosting, and which is what the 
original poster said he's trying to avoid.

There is one way to get name-based hosting to work with individual 
certificates and not get name mismatch errors, and that's to set up the 
secure site on a different port.  And I don't recommend that if anyone 
is ever going to have to type the URL into a browser; people just get 
confused.  My recommendation is to only do that if the connection is 
only by link.

Jeff Lasman, Nobaloney Internet Services
1254 So Waterman Ave., Suite 50, San Bernardino, CA  92408
Our blists address used on lists is for list email only
Phone +1 909 266-9209, or see: "http://www.nobaloney.net/contactus.html"