-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marten Lehmann wrote:
> Hello,
Hello Marten,

> I recently read that it is possible to have more than one ssl-host per
> ip-address. This shall be possible with two special requirements:
> 
> - all ssl-hosts share the same key
> - all certs for the hosts are bundled within one file

No.
Either every SSL host is on a separate key or
you have to use one private key and one certificate
that identifies itself for all SSL hosts.
This is done with the subjectAltName extension.

There are extensions to the SSL protocol that allow
more than one certificate for one port, but AFAIK
this is only implemented in the OpenSSL HEAD
(which will become 0.9.9 sometime in the future).
And I don't know any client supporting that SSL extension.

> For the latter requirement I think it doesn't only have to be one file
> containing one cert after the other, but these certs have to be merged to
> one big cert. How can this merging be done? Is it possible to do this
> with openssl or can only the issuer of the certs do that?

Only the issuer can do that:
He has to issue a new certificate with the subjectAltName extension
containing the host name the certificate is for...

Bye

Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE22eh2iGqZUF3qPYRAvnUAJ41AFCwfEJ5fkPnMDfdM1mSxsFBXQCeOBHG
RP4+R/PavIbN6z6LjKI6m24=
=rxqM
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
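
The single-key, single-certificate setup described in the reply above, as an added example that is not part of the original message: it builds one certificate whose subjectAltName lists several host names and checks which names it covers. The host names and helper function names are placeholders, the certificate is self-signed only so the script runs offline (a real one is issued by the CA, as the reply says), and `-checkhost` assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Constructed example: one key and one self-signed certificate whose
# subjectAltName lists several host names (all names are placeholders).

# make_san_cert OUTDIR HOST [HOST...]
# Writes OUTDIR/key.pem and OUTDIR/cert.pem; the first HOST is also the CN.
make_san_cert() {
    outdir=$1; shift
    san=""
    for h in "$@"; do
        san="${san:+$san,}DNS:$h"      # builds DNS:a,DNS:b,...
    done
    cat > "$outdir/san.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = ext

[dn]
CN = $1

[ext]
subjectAltName = $san
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$outdir/san.cnf" \
        -keyout "$outdir/key.pem" -out "$outdir/cert.pem" 2>/dev/null
}

# cert_covers CERT HOST: succeeds only if the certificate matches HOST.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q "does match certificate"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_san_cert "$dir" www.example.com shop.example.com mail.example.org || return 1
    for host in www.example.com shop.example.com mail.example.org other.example.net; do
        if cert_covers "$dir/cert.pem" "$host"; then
            echo "$host: covered"
        else
            echo "$host: NOT covered"
        fi
    done
    rm -rf "$dir"
}
demo
```

A host name that is missing from subjectAltName fails the check, which is why adding a host means having the issuer issue a new certificate.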
