Re: [apache-ssl] Certificate question

To: apache-ssl@lists.aldigital.co.uk
Subject: Re: [apache-ssl] Certificate question
From: Marc Slemko <marcs@znep.com>
Date: Thu, 7 May 1998 13:04:33 -0600 (MDT)
Delivered-To: mailing list apache-ssl@lists.aldigital.co.uk
In-Reply-To: <Pine.GSO.3.96.980507065114.6596A-100000@is.rice.edu>
Mailing-List: contact apache-ssl-help@lists.aldigital.co.uk; run by ezmlm
Organization: http://www.apache-ssl.org
Reply-To: apache-ssl@lists.aldigital.co.uk

On Thu, 7 May 1998, Wyman Eric Miles wrote:

> 
> This is documented on Netscape's technical support site.  Basically, the
> client compares the common name given in the certificate to the URL.  If
> the two don't match, you get that error.  For example:
> 
> Our test server is pecos.is.rice.edu and I (oops) created a certificate
> with a CN of "Rice University" and received that error.  If I create a
> certificate with a CN of "(pecos.is.rice.edu|pecos.is|pecos)" I'm covered

Does this work with MSIE?

Last I knew wildcards didn't, not sure about other regexes...

> for any way visitors can come to the site and they shouldn't receive that
> error message; https://pecos or https://pecos.is or
> https://pecos.is.rice.edu
> 
> You can either use common names like the above that are a series of values
> OR'd inside parenthesis or just give the name of the site as it should be
> accessed: "ruf.rice.edu"
> 
> Wyman
> 
> 
> On Thu, 7 May 1998, Steven Bolbot wrote:
> 
> > Well I finally got the server up and running :)
> > One question I do have though: When I connect with a web browser (in this
> > case Netscape) it displays this:
> > The certificate that the site 'storm.lightning.tne.net.au' has presented does
> > not contain the correct site name. It is possible, though unlikely, that
> > someone may be trying to intercept your communication with this site. If you
> > suspect the certificate shown below does not belong to the site you are
> > connecting with, please cancel the connection and notify the site
> > administrator. 
> > 
> > Exactly where do I put the site name so this error message doesn't come up?
> > 
> > Thanks
> > - SB
> > ________________________________________________________________________
> >                                                  
> >   \  |_)             |                     Steven Bolbot
> > |\/ | | __ \   _ \  __|  _` | |   |  __|  sjb@tne.net.au
> > |   | | |   | (   | |   (   | |   | |     ICQ: 1221679
> > _|  _|_|_|  _|\___/ \__|\__,_|\__,_|_|     http://Minotaur.home.ml.org
> >                                           
> >     Go to
> > <http://minotaur.home.ml.org/sjb.asc>http://Minotaur.home.ml.org/sjb.asc
> > for my
> > PGP Public Key.
> > ======================================================================== 
> > Out of the token ring, through the router, to the t1, down the fiber, over the
> > cable, through a
> >                  repeater, off another router, past the firewall...Nothing but
> > net!  
> > 
> 
> Wyman Miles
> Systems Administrator, Systems and LAN Management, Rice University, Texas.
> (713) 737-5827, e-mail:wymanm@rice.edu, pager:wymanm@pager.rice.edu
> SalMoN AntiSpam software for UNIX: http://is.rice.edu/~wymanm/smn
>

Follow-Ups:
- Re: [apache-ssl] Certificate question
  - From: Wyman Eric Miles <wymanm@is.rice.edu>

References:
- Re: [apache-ssl] Certificate question
  - From: Wyman Eric Miles <wymanm@is.rice.edu>

Prev by Date: Re: [apache-ssl] Certificate access in CGI-Script
Next by Date: Re: [apache-ssl] Certificate question
Prev by thread: Re: [apache-ssl] Certificate question
Next by thread: Re: [apache-ssl] Certificate question
Index(es):
- Date
- Thread