> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Richard Sexton
> Sent: Tuesday, March 15, 2005 8:45 PM
> To: openssl-users@openssl.org
> Subject: RE: Field CN and the certificates
> 
> >> >I use openssl to build a self-signed certificate for my web
> >> server. I imported the CA cert to my PC already.
> >> >
> >> >When I open the web server, IE says the certificate is from a 
> >> >trusted CA as expected, the security certificate is valid, but it 
> >> >says the name is invalid.
> >> 
> >> You mean like this: https://paypal.com ?
> >
> >Yes, I access https://abc.mydomain.com and CN=abc.mydomain.com
> >
> >More details: this server hosts two different names, abc.mydomain.com 
> >and def.mydomain.com (each with a different ip), for https access.
> >
> >I use <VirtualHost ip-of-abc.mydomain.com:443> and 
> ><VirtualHost ip-of-def.mydomain.com:443> and these virtual hosts work 
> >because IE points to the correct DocumentRoot for each name.
> 
> What is the reverse-dns for the IP address pointed to by abc 
> (and def) mydomain.com ?

Yes, A and PTR records are set correctly for both domains. I just double
checked by nslookup.


> I've seen Apache take an IP address pointed to by more than 
> one domain look up the reverse and use whatever that is. For 
> example if you made a cert for abc, yet def points to the 
> same IP and the reverse says def then def is what it will 
> use; this will not match abc and you'll get this error.

I see your point. My server is "virtual hosts" by ip addresses. I mean it
has two names with two separate ip addresses. I can test again by setting it
to have only one ip and one host name. I will post back the result.

Thanks,

Vu

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
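
Added example (not part of the original messages, and not OpenSSL or Apache code): a Python check for the mismatch discussed in this thread, comparing the host name requested on each virtual host IP with the names in the certificate actually served on that IP. The IP addresses and certificate dictionaries are constructed sample data in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; `cert_names`, `name_matches` and `audit` are hypothetical helper names.

```python
# Constructed sample data: documentation IPs, and certificates in the dict
# shape returned by ssl.SSLSocket.getpeercert(). Here the listener on abc's
# IP hands out the certificate issued for def, which is the failure described.
VHOSTS = {"abc.mydomain.com": "192.0.2.10", "def.mydomain.com": "192.0.2.11"}
SERVED = {
    "192.0.2.10": {"subject": ((("commonName", "def.mydomain.com"),),)},
    "192.0.2.11": {"subject": ((("commonName", "def.mydomain.com"),),)},
}


def cert_names(cert):
    """Names a client checks: subjectAltName DNS entries, else the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' only as the whole left-most label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        # The wildcard covers exactly one label and never a bare TLD.
        return bool(head) and tail == pattern[2:] and "." in tail
    return False


def audit(vhosts, served):
    """Return {host: (name_ok, names_in_cert)} for each IP-based virtual host."""
    report = {}
    for host, ip in vhosts.items():
        names = cert_names(served[ip])
        report[host] = (any(name_matches(n, host) for n in names), names)
    return report


if __name__ == "__main__":
    for host, (ok, names) in audit(VHOSTS, SERVED).items():
        status = "ok" if ok else "NAME MISMATCH"
        print(f"{host} -> {VHOSTS[host]}: cert names {names}: {status}")
```
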
