At 11:01 AM 2/22/01 +0530, you wrote:
>Forgive my possible ignorance, but the common name of the certificate would
>have to match the NATed apparent address (A entry to the router's public IP)
>of the server, right ?
>
>Regards,
>
>Sandipan
The CN is typically the site name, not IP, .. as such, as long as there is
an on-net IP to establish the session and the IP agrees with the DNS entry
the session can be established.
The major sticking point is that the NAT box must be setup to:
1) Handle an 'inside' server.
2) Proxy SSL requests on port 443.
As someone else responded, many of the NAT boxes will do this, .. but I
have seen some that will not.
Lee
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
