Re: [fw-wiz] netscreen 25 sofaware ipsec interop

From: Ng Pheng Siong (ngps_at_netmemetic.com)
Date: 01/11/04

  • Next message: Johnny J.: "[fw-wiz] using AAA for NAT accounting"
    To: "R. DuFresne" <dufresne@sysinfo.com>
    Date: Sun, 11 Jan 2004 20:37:58 +0800
    
    

    On Tue, Jan 06, 2004 at 10:18:54AM -0500, R. DuFresne wrote:
    > how does one create a cert for a dynamic IP?

    Wildcard CN, e.g.,

     Subject: C=SG, O=The Net Memetic Pte Ltd,
              CN=*.rulemaker.net/emailAddress=ngps@netmemetic.com

    The dynamic IPs PTR back to, say, xxx.dyn-pool.example.com, and you create
    certs with CN=*.dyn-pool.example.com.

    Verification is entirely up to the relying application, of course.

    Cheers.

    -- 
    Ng Pheng Siong <ngps@netmemetic.com> 
    http://firewall.rulemaker.net -+- Firewall Change Management & Version Control
    http://sandbox.rulemaker.net/ngps -+- Open Source Python Crypto & SSL
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Johnny J.: "[fw-wiz] using AAA for NAT accounting"

    Relevant Pages

    • Re: ssl certificate error/warning with rpc over http (outlook anywhere) 2007 exchange/outlook...
      ... You don't need a wildcard cert, but you do either need a SAN cert with multiple names on it, or you need to set up another IIS virtual server and use a normal cert with the autodiscover name. ... except that users get a certificate warning about a mismatch on ... I have no interest at this point in getting a wildcard ssl ...
      (microsoft.public.exchange.admin)
    • Re: Remote App slow to access
      ... I fixed the cert problem thoby telling TS to accept the wildcard cert...must ... I am using a wildcard certificate and coming in via ISA (all the ...
      (microsoft.public.windows.terminal_services)
    • Re: Wildcard SSL Implementation
      ... You can have a wildcard DNS name - for sure, and if you can get a wildcard ... SSL cert then it'll work. ...
      (microsoft.public.inetserver.iis.security)
    • Multiple SSLs on the same IIs server
      ... I need to add a site that doesn't fit the wildcard naming scheme. ... I have read that I need a unique IP address for the site so the users will be given the right ssl cert when they browse the site. ... Is there another way or would I need a single IP for every single site that has its own ssl? ...
      (microsoft.public.inetserver.iis.security)