Re: Wildcard Server Certs No longer accepted

Tue, 23 May 2000 18:00:44 -0700 

Hi

I am sorry you did not get a response directly from Thawte about this
query. We have in fact received confirmation from Microsoft that a hotfix
has been issued for
this.  This hotfix is currently available.  Also a future service pack
will correct this in Win2000.  The word from Microsoft was that for
compatibility reasons this has to work.

I hope that clears up any concerns.

Regards
Jenni Fair

[EMAIL PROTECTED] wrote:

> Hi All,
>
> It seems the latest version of IE 5.0 (5.00.2920.0000) on Windows
> 2000 Por no longer accept our wildcard certs from Thawte. These
> certs are like *.im1.net. Previous versions, and even Netscape 6
> Preview release 1 have no problems. IE 5.0 now complains that the
> cert does not match the site (which it does, just not implicitly)
>
> Thawte have not yet responded to this query, and given recent
> activity there, I doubt I will get one.
>
> It appears Microsoft have obsoleted (depricated) our wildcard certs.
> My biggest concern here is that Thawte would/should know this,
> and should/could inform their customers of the changes *before* it
> affects their business.
>
> Technically *.im1.net does not match (for example)
> webm9.im1.net. I suppose I should be challenging Microsoft on
> this, and not Thawte. I also suppose I should determine if it is just
> a bug (rather than a feature) in IE 5.0 as well. It only has been
> verified on Windows 2000 Release and upgrade. Only with IE.50,
> Netscape 4.72 and 6.0PR1 work fine.
>
> Perhaps some of the more enlightened on the list can offer some
> suugestions regarding how to proceed on this.
>
> Should we buy new certs for each box? (Note: Thawte still sell
> wildcard certs, although the price is now 4 times that of a year ago)
>
> Should we "upgrade" to a "modern" OS Windows 2000 Server(s)
> instead of the 30 year old ancient Unix OS we use now? (Gee,
> sounds best, huh?) At least we can be assured of "compatibility".
>
> (Sorry for the rant guys)
>
> Anyone have any suggestions (other than flames)?
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to