Re: multiple domains on one server - can I get a single certificate of authority to handle all of them?

• Previous message: jrmuelleimer@gmx.de: "secure email download"
• In reply to: Klaus Johannes Rusch: "Re: multiple domains on one server - can I get a single certificate of authority to handle all of them?"
• Next in thread: Alun Jones: "Re: multiple domains on one server - can I get a single certificate of authority to handle all of them?"
• Reply: Alun Jones: "Re: multiple domains on one server - can I get a single certificate of authority to handle all of them?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Robert van der Meulen <joesnet@wiretrip.org>
Date: Tue, 8 Apr 2003 10:47:49 +0000 (UTC)

Hi,

On Mon, 07 Apr 2003 15:24:04 +0000,
Klaus Johannes Rusch <KlausRusch@atmedia.net> wrote:
> As long as all servers are in the same domain, you may be able to use
> certificates with globbing, i.e. if your domains is agency.example.gov, that
> certificate could be sed on www1.agency.example.gov,
> www2.agency.example.gov, another.agency.example.gov (but not
> www.subdomain.agency.example.gov)
>
> If all servers are low traffic I have to ask though, why not use a single
> server (possibly a reverse proxy that proxies requests to individual backend
> servers fulfilling the actual requests then).

Before someone takes this advice to heart, please consider the
following:
- Wildcard certificates have a CN of *.domain
- Wildcard certificates do not work with a *lot* of browsers, and -
check this for yourself, i don't know if my memory serves me right -
most Microsoft browsers refuse to handle it. Not that I care for that,
but your customers/boss might.

Greets,
        Robert

-- 
/^"- '-(\__/)-' -"^\
    '-.' oo '.-' Holy Jesus! What are these goddamn animals?!
       `-..-'       
            Finger rvdm@db.debian.org for my GPG key.

• Previous message: jrmuelleimer@gmx.de: "secure email download"
• In reply to: Klaus Johannes Rusch: "Re: multiple domains on one server - can I get a single certificate of authority to handle all of them?"
• Next in thread: Alun Jones: "Re: multiple domains on one server - can I get a single certificate of authority to handle all of them?"
• Reply: Alun Jones: "Re: multiple domains on one server - can I get a single certificate of authority to handle all of them?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Unable to install certificates and unable to patch ... We have three terminal servers that we are not able to install MS ... Timestamping CA" certificates. ... When specify it to put them into the Trusted Root Certificate store I get ... (microsoft.public.windows.server.general) Terminal servers missing required certificates ... We have three terminal servers that we are not able to install MS ... Timestamping CA" certificates. ... When specify it to put them into the Trusted Root Certificate store I get ... (microsoft.public.security) Re: Multiple web hosts and SSL ... It is possible to create a "wildcard" cert using the name *.domain.com ... though there may be some limitations on which browsers [or servers?] can use ... packs had problems with wildcard certs, until service pack 1 or later was ... The price is not the same as non-wildcard certificates... ... (microsoft.public.inetserver.iis.security) Re: Terminal Services + IPsec using certificates? ... protect any data exchanged between client and server. ... have to manually set Encryption level to high. ... If you decide to use certificates for IPSec each computer would get it's own ... > of security around the servers. ... (microsoft.public.win2000.security) Re: Terminal servers missing required certificates ... Try logging on as a "local" administrator on those servers. ... trusted root certificate authorities/certificates. ... select all tasks - import and try to import the certificates that way. ... > We have three terminal servers that we are not able to install MS ... (microsoft.public.security)