On 6/16/07, David Schwartz <[EMAIL PROTECTED]> wrote:
> > I would like to create an individual space for all my customers, using
> > their own domain name.
> >
> > For example
> >
> > debian.org -> debian.org.example.com
> > linux.org -> linux.org.example.com
> > uk.debian.org -> uk.debian.org.example.com
> >
> > I tried to create a wildcard certificate for example.com, but it only
> > works for foo.example.com
> > not for foo.bar.example.com
>
> What does "works" mean in this context?

IE6 complains about the domain name not matching the certificate.

> > That way, I can host the service on a separate server, totally independent.
> > The only one that knows them all is the DNS, that is the only one to
> > have a backup.
> >
> > Any idea?
>
> It is not clear what you are talking about. What are these certificates
> for? Web? Email? What client software are you attempting to use?

Web browser HTTPS, and mail client (IMAP over SSL and SMTP using SSL or TLS)

> If you are trying to get existing software to work with your special
> certificate scheme, you are attempting the impossible. You will have to
> use, at a minimum, your own client software. Programs like IE and Firefox are

Firefox 1.5 and 2.0 are working (like Thunderbird), but not IE

> unlikely to properly handle unusual cases like this. At least, last time I
> checked, IE broke wildcard certificates so badly that I would consider it
> irresponsible for a CA to issue such certificates. (And there are still
> clients out that *IGNORE* the restriction even though it's marked critical!)
>
> Rather than wildcard certificates, just set up a web site to issue whatever
> specific certificates are needed.
>
> DS
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]

--
Alain Spineux
aspineux gmail com
May the sources be with you
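
The mismatch reported in this thread follows from the rule in RFC 2818 that `*.a.com` matches `foo.a.com` but not `bar.foo.a.com`. The sketch below is an added example, not part of the original messages or of OpenSSL; the function names and the host list are constructed for illustration. It applies that rule to the hostnames from the question to show which ones a given set of certificate names leaves uncovered, and therefore which need a specific certificate as the reply suggests.

```python
# Added illustration: strict single-label wildcard matching (RFC 2818 style).
# Function names and the HOSTS list are constructed for this example.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def wildcard_matches(pattern, hostname):
    """Return True if certificate name `pattern` covers `hostname`.

    '*' is accepted only as the entire left-most label and stands for
    exactly one label, so '*.example.com' never covers 'a.b.example.com'.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False                      # label counts must be equal
    if p[0] == "*":
        # Assumption of this sketch: refuse '*.com'-style patterns with
        # fewer than two fixed labels after the wildcard.
        return len(p) > 2 and p[1:] == h[1:]
    if "*" in pattern:
        return False                      # partial or inner wildcards rejected
    return p == h

def names_needing_own_cert(cert_names, hostnames):
    """Hostnames that none of the certificate names cover."""
    return [h for h in hostnames
            if not any(wildcard_matches(c, h) for c in cert_names)]

# Hostnames taken from the question, plus the one-level case that worked.
HOSTS = [
    "foo.example.com",
    "debian.org.example.com",
    "linux.org.example.com",
    "uk.debian.org.example.com",
]

if __name__ == "__main__":
    for names in (["*.example.com"], ["*.example.com", "*.org.example.com"]):
        print(names, "->", names_needing_own_cert(names, HOSTS))
```

Each extra level of customer domain needs its own wildcard or an exact name, which is why issuing specific certificates per hostname scales better than widening the wildcard.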