[rt-users] LDAP Authentication, Redux

bill at daze.net bill at daze.net
Tue Dec 3 13:19:31 EST 2002


> And the only problem with SSL is that you can't use it with
> multiple named vhosts on the same IP address.  I like to give
> every web service its own hostname because this makes it easy
> to move around as machines are changed or upgraded without
> affecting anything else and it is a lot easier to do this with
> CNAMES than IP addresses.  When you run these over ssl the browser
> always pops up a warning that the hostname on the certificate
> doesn't match the requested host - but it does work as long as the
> user clicks the OK button.  Is there any way to avoid this that
> doesn't tie the name to an IP address as a side effect?

Yes, get a wildcard certificate, i.e. *.example.com.  Then you can use
name based virtual hosts site1.example.com, site2.example.com, etc.
without receiving a certificate mismatch warning.

We've been using them for years.  Thawte used to be the only game in town,
but now you can get them from other Certificate Authorities.  Our current
wildcard certificate is from Geotrust/Equifax.

-Bill
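
Added example, not part of the original message: a simplified check of which virtual host names a wildcard certificate name covers, using the widely implemented rule that `*` stands for exactly one left-most label. The function names and sample host names are constructed for illustration, and the matcher is a teaching simplification, not a TLS library's own code.

```python
# Added example: simplified wildcard hostname matching (one left-most label).
def _labels(name):
    # DNS names compare case-insensitively; drop any trailing dot.
    return name.lower().rstrip(".").split(".")


def cert_name_matches(pattern, hostname):
    """Return True if a certificate name (possibly a wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # Conservative choice made here: require at least two labels after
        # the wildcard, so a pattern such as "*.com" is refused.
        if len(p) < 3:
            return False
        return p[1:] == h[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are not accepted here
    return p == h


def covered_vhosts(pattern, vhosts):
    """Split vhost names into those the certificate covers and those it does not."""
    ok = [v for v in vhosts if cert_name_matches(pattern, v)]
    bad = [v for v in vhosts if v not in ok]
    return ok, bad


# Constructed sample names, following the site1/site2 pattern in the message.
VHOSTS = ["site1.example.com", "SITE2.example.com", "example.com",
          "rt.dev.example.com", "site1.example.org"]

if __name__ == "__main__":
    ok, bad = covered_vhosts("*.example.com", VHOSTS)
    print("covered:", ok)
    print("mismatch warning:", bad)
```

The bare domain and names more than one label deep fall outside the wildcard, so those hosts would still produce the mismatch warning described in the question.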




