Victor Duchovni schrieb:
Though RFC2818 is explicit, handling of wildcard certs depends on the browser used. Have a look at http://wiki.cacert.org/wiki/WildcardCertificates?highlight=%28wildcard%29 for some more examples, feel free to add more results there.On Sun, Jun 17, 2007 at 05:06:21AM +0200, Alain Spineux wrote:IE6 complains about the domain name not matching the certificate.Rightly so. RFC 2818, section 3.1, paragraph 4: Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
Hope it helps, Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
