[PLUG] OT: SSL Certs for Web Sites
Kris
krisa at subtend.net
Mon Jan 6 15:44:01 UTC 2003
On Fri, Dec 20, 2002 at 12:51:11PM -0800, Karl M. Hegbloom wrote:
> On Fri, 2002-12-20 at 12:34, Kyle Accardi wrote:
> > Matt King wrote:
> >
> > > Yeah it's for commercial use, so I can't have scary dialog boxes coming
> > > up.
> >
> > Doesn't seem to bother my bank,
> > https://www.pcbanking.washingtonmutual.com/logon/
>
> The reason it does that is because the Issued to CN (Common Name) does
> not match the domain name you are visiting when you access their site.
> If you select "View Certificate", you'll see that it is in fact signed
> by Verisign.
>
> They could fix it by adding their "pcbanking.washingtonmutual.com" to
> one of the standard X.509 version 3 extension fields:
>
> See: Section 4.2.1.7 Subject Alternative Name
>
> http://www.pdxlinux.org/doc/RFC/proposed-standard/rfc2459.txt.gz
How can one acutaly implement this with self-signed keys with
OpenSSL/Apache (read as: I've read the theory, show me the commands)? :)
Can it be top level domains.. as in can my key contain subtend.net +
devilsfate.com + etc... or just secondary? (subtend.net +
lists.subtend.net)
Sorry for digging up an older topic, but I kept this email around so I
could get to it when I was ready (and after I could read and interperate
what the rfc was saying).
--
I'm just a packet pusher.
More information about the PLUG
mailing list