Multiple certs on one server (was: Re: Firefox says Peer's Certificate has been revoked)

David Newman
December 22, 2010 12:22AM
On 12/20/2010 05:03 PM, David J. wrote:
> On the topic of SSL;
>
> Is there any possible way to run multiple certs on one IP?
>
> I don't think this is possible as per the SPEC; But I am not an expert.

Me neither, but there's nothing wrong with this. The CN in a cert is
bound to a string such as a hostname, not to an IP address. (The string
could also be someone's name, or any other text, including an IP address
-- but as a text string). SSL works above the network layer and doesn't
care about L3 addressing.

So, if you've got multiple virtual hosts on a single IP address, you
have a couple of choices:

a. Use one cert per virtual host

b. Use one cert for all virtual hosts and chain them using the
subjectAltName parameter in openssl.cnf. This is what I did on the
server in the original post in this thread.

Here's a thread from a few years ago when I was getting (b) set up:

http://readlist.com/lists/openssl.org/openssl-users/0/4040.html

You can buy chained certs that do this from multiple registrars; I got
one from GoDaddy but concur with others' description about the GD web site.

dn
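
To illustrate option (b) in the post above, here is an added example (not part of the original message, and not nginx or OpenSSL code) of how a TLS client decides whether one certificate covers each virtual host: it compares the requested hostname with the certificate's subjectAltName DNS entries, and the server's IP address plays no part. The hostnames and the `CERT` dict are constructed sample data in the layout returned by Python's `ssl.SSLSocket.getpeercert()`; wildcard handling is simplified to a whole left-most label.

```python
# Added example: which virtual hosts does one certificate cover?
# CERT is constructed sample data in the dict layout returned by
# ssl.SSLSocket.getpeercert(); all hostnames are placeholders.

CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (
        ("DNS", "www.example.com"),
        ("DNS", "mail.example.com"),
        ("DNS", "*.apps.example.net"),
    ),
}


def _label_match(pattern, hostname):
    """Match one DNS name; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_names(cert):
    """Names a client checks: SAN DNS entries; the CN only when no SAN DNS
    entry exists (the RFC 2818 rule)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def covers(cert, hostname):
    """True if the certificate is valid for this hostname."""
    return any(_label_match(n, hostname) for n in cert_names(cert))


def uncovered(cert, vhosts):
    """Virtual hosts that would produce a name-mismatch warning."""
    return [h for h in vhosts if not covers(cert, h)]


if __name__ == "__main__":
    vhosts = ["www.example.com", "mail.example.com", "a.apps.example.net", "example.com"]
    print("not covered:", uncovered(CERT, vhosts))
```

Once a certificate carries any subjectAltName DNS entry, the CN is no longer consulted, so the name in the CN has to be repeated in the SAN list along with every other virtual host.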

