|
Posted by Juha Laiho on September 12, 2006, 11:17 am
If you were Registered and logged in, you could reply and use other advanced thread options
>It surprises me that SSL certificates signed by CAs are (fully
>qualified) hostname based and not wildcard based, i.e. when I request a
>signed certficate I have to state the full name. If I need to secure
>another host, I have to generate a new request and have that hostname
>signed for as well. This can't be other than a commercially driven
>procedure.
Wildcard certificates are available (or have been, at least), but
at a price significantly higher than that of fully qualified certificates.
There has also been terms of use in certificates limiting in how that can
be used. So, it's pretty much a commercial driver, as you state.
However, with the current proxy technology, what would be the driver
for several SSL-enabled hosts on a single domain? Just do the namespace
division in URL path instead of using several host names.
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
| 
XML site map