Re: Name on Security Certificate is invalid

From: Alun Jones (alun@texis.com)
Date: 03/27/03


From: alun@texis.com (Alun Jones)
Date: Thu, 27 Mar 2003 21:35:02 GMT


In article <02c601c2f4a6$282f1d40$a101280a@phx.gbl>, "James Townsend"
<jtownsend@rsasecurity.com> wrote:
>The problem is related to SSL in general. You cannot
>issue an IIS Webserver two SSL certificates unless you
>create a virtual site and run the second https site on a
>different SSL protected port. This is caused by the
>header of an SSL request to a webserver being encrypted.
>So only the first certificate is seen and the webserver
>will only respond to that name.

.. although it is worth noting that a recent extension to the TLS standard
allows a client to attach the name of the server to which he's connecting, in
the initial ClientHello message. This means that the server would then be
able to pass back the certificate that matches the server that the client is
expecting to talk to.

So, in the future, the ability to run two SSL-enabled servers off the same IP
address will be possible. It takes a while to add such a feature though, and
it has to first be added to an API, then to the server, and also to the
browser, and of course your users will often be using older browsers, so it's
still going to be a while away. But the future will be rosy.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.

