On Thu, Nov 07, 2002 at 11:21:50PM +0100, Richard Levitte - VMS Whacker wrote:
> The only real solution we found so far was to have the server
> available on ports 443 (for the public out there) and 444 (for access
> from inside the company), and have those two ports return the
> corresponding server certificate (443 would return the certificate
> signed by VeriSign, 444 would return the certificate signed by the
> internal company CA).
>
> Any other ideas? Solving this in a better way than having two ports
> would be quite welcome.

Hmm. Have the server listen on two IP addresses. Use the certificate
with respect to the IP. If your server is multi-homed (network connections
are realized by two separate network interface cards for external or
internal services) this is natural anyway. Otherwise you can still assign
2 IP addresses. Your server can then be called under another name
(www-internal instead of www) or you can set up a split-DNS which returns
the other IP address when called from inside the company.

Best regards,
	Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
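
The per-IP certificate selection suggested in the reply above, as an added example that is not part of the original message or of any OpenSSL code. The addresses, file paths and function names are assumptions made for illustration; it uses one listener and picks the certificate from the local address each client reached, refusing connections on any address that has no certificate configured.

```python
import ipaddress
import socket
import ssl

# Constructed values: example addresses and hypothetical certificate/key paths.
CERTS_BY_LOCAL_IP = {
    "192.0.2.10": ("/etc/ssl/www-public.pem", "/etc/ssl/www-public.key"),    # public CA
    "10.0.0.10": ("/etc/ssl/www-internal.pem", "/etc/ssl/www-internal.key"),  # internal CA
}

def normalize_ip(addr):
    """Canonical text form; unwraps IPv4-mapped IPv6 as seen on dual-stack sockets."""
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped if mapped is not None else ip)

def select_for_local_ip(local_addr, table):
    """Return the table entry for the local IP the client connected to."""
    key = normalize_ip(local_addr)
    if key not in table:
        # Fail closed: never fall back to a default certificate.
        raise LookupError("no certificate configured for " + key)
    return table[key]

def build_contexts(certs=CERTS_BY_LOCAL_IP):
    """Load one server-side TLS context per configured local IP."""
    contexts = {}
    for ip, (certfile, keyfile) in certs.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(certfile, keyfile)
        contexts[normalize_ip(ip)] = ctx
    return contexts

def serve(port=443):
    """Accept on all addresses and wrap each connection by the IP it arrived on."""
    contexts = build_contexts()
    with socket.create_server(("", port)) as listener:
        while True:
            conn, _peer = listener.accept()
            try:
                ctx = select_for_local_ip(conn.getsockname()[0], contexts)
                tls = ctx.wrap_socket(conn, server_side=True)
            except (LookupError, ssl.SSLError, OSError):
                conn.close()
                continue
            with tls:
                tls.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 3\r\n\r\nok\n")

if __name__ == "__main__":
    serve()
```

With split DNS, the internal view of the name would resolve to the second address, so both groups of clients use the same host name and port 443.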