Re: SSL CA signed certficates
- From: Juha Laiho <Juha.Laiho@xxxxxx>
- Date: Tue, 12 Sep 2006 15:17:03 GMT
"ttm" <ttm@xxxxxxxxx> said:
It surprises me that SSL certificates signed by CAs are (fully
qualified) hostname based and not wildcard based, i.e. when I request a
signed certficate I have to state the full name. If I need to secure
another host, I have to generate a new request and have that hostname
signed for as well. This can't be other than a commercially driven
procedure.
Wildcard certificates are available (or have been, at least), but
at a price significantly higher than that of fully qualified certificates.
There has also been terms of use in certificates limiting in how that can
be used. So, it's pretty much a commercial driver, as you state.
However, with the current proxy technology, what would be the driver
for several SSL-enabled hosts on a single domain? Just do the namespace
division in URL path instead of using several host names.
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
.
- References:
- SSL CA signed certficates
- From: ttm
- SSL CA signed certficates
- Prev by Date: Re: Backup secure enough?
- Next by Date: Re: Does MD5 include the file name?
- Previous by thread: SSL CA signed certficates
- Next by thread: Security Vulnerability Report
- Index(es):
Relevant Pages
|
|
