[PLUG] OT: SSL Certs for Web Sites

Kris krisa at subtend.net
Mon Jan 6 15:44:01 UTC 2003


On Fri, Dec 20, 2002 at 12:51:11PM -0800, Karl M. Hegbloom wrote:
> On Fri, 2002-12-20 at 12:34, Kyle Accardi wrote:
> > Matt King wrote:
> > 
> > > Yeah it's for commercial use, so I can't have scary dialog boxes coming
> > > up.  
> > 
> > Doesn't seem to bother my bank,
> > https://www.pcbanking.washingtonmutual.com/logon/
> 
> The reason it does that is because the Issued to CN (Common Name) does
> not match the domain name you are visiting when you access their site. 
> If you select "View Certificate", you'll see that it is in fact signed
> by Verisign.
> 
> They could fix it by adding their "pcbanking.washingtonmutual.com" to
> one of the standard X.509 version 3 extension fields:
> 
> See: Section 4.2.1.7  Subject Alternative Name
> 
> http://www.pdxlinux.org/doc/RFC/proposed-standard/rfc2459.txt.gz

How can one actually implement this with self-signed keys with
OpenSSL/Apache (read as: I've read the theory, show me the commands)? :)

Can it be top level domains.. as in can my key contain subtend.net +
devilsfate.com + etc... or just secondary?  (subtend.net +
lists.subtend.net)

Sorry for digging up an older topic, but I kept this email around so I
could get to it when I was ready (and after I could read and interpret
what the RFC was saying).

-- 
I'm just a packet pusher.
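
The Subject Alternative Name approach discussed in this thread, as an added example that is not part of the original post: each dNSName entry is an independent name, so unrelated domains and subdomains can share one certificate. The function names, file names, key size and validity period are assumptions chosen for illustration; the hostnames are the ones asked about above.

```shell
#!/bin/sh
# Added example: self-signed certificate carrying several subjectAltName entries.

make_san_cert() {
    # $1 = output directory; remaining args = DNS names (the first is also the CN)
    dir=$1; shift
    cn=$1
    san=""
    for name in "$@"; do
        san="${san:+$san, }DNS:$name"
    done
    # Minimal request config: x509_extensions names the section that
    # "req -x509" copies into the self-signed certificate.
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[dn]
CN = $cn

[v3_san]
subjectAltName = $san
EOF
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 365 \
        -config "$dir/san.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    chmod 600 "$dir/server.key"   # the private key is unencrypted (-nodes)
}

cert_matches() {
    # $1 = certificate file, $2 = hostname; succeeds only if the name matches
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

workdir=$(mktemp -d)
make_san_cert "$workdir" subtend.net lists.subtend.net devilsfate.com
# Show the extension as it appears in the issued certificate
openssl x509 -in "$workdir/server.crt" -noout -text \
    | grep -A1 "Subject Alternative Name"
```

Apache's mod_ssl picks up the result through `SSLCertificateFile` and `SSLCertificateKeyFile`. The SAN entries only remove the name-mismatch warning; a self-signed certificate still produces an untrusted-issuer prompt until clients import it.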



