Certificate CN hostname matching

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Certificate CN hostname matching

Luc Rocheleau
Hi,

My question is about certificates generation for apache.
I'm searching how to fit two different domain names  in one CN
instance(over a single IP/Port) to qualify the browser validation.

I know its possible to use wildcard like this for a single domain:
CN=*.mydomain.com

But, when you have a second domain, is it possible to use a pipe like
this:  CN=*.firstdomain.com | *.seconddomain.com

or must I absolutely use a second ip address?


Thanks for your help and regards.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Certificate CN hostname matching

Victor Duchovni
On Thu, Sep 08, 2005 at 02:34:31PM -0400, Luc Rocheleau wrote:

> Hi,
>
> My question is about certificates generation for apache.
> I'm searching how to fit two different domain names  in one CN
> instance(over a single IP/Port) to qualify the browser validation.
>
> I know its possible to use wildcard like this for a single domain:
> CN=*.mydomain.com
>
> But, when you have a second domain, is it possible to use a pipe like
> this:  CN=*.firstdomain.com | *.seconddomain.com
>

No, but modern clients support the AlternateSubjectName extension. Google.

--
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]