Thanks to everyone for the information. I can't recall right now how I set up the name - I was thinking for sure it was with the FQDN, but I'll double check. I will do that reading and check tomorrow when I am back at work and see if I can figure out what is going wrong there.
Thanks On Thu, Oct 11, 2012 at 8:41 PM, Charles Mills <charl...@mcn.org> wrote: > > The wildcard is the lowest-level component of a DNS name, which is at the > left as written; in > > You're right (left?) of course. I was somehow picturing it incorrectly in > my > mind. I quick went and looked at my wildcard comparison code and it is > correct (whew!). > > In my other thread about checking client IP addresses I was picturing a > lowest-level/RIGHTmost wildcard on the IP address: e.g. 192.168.1.* > > That's "lowest level" conceptually but I guess not what the standard or > convention provides for. > > BTW, a good quick discussion of wildcard certificate names: > > http://support.godaddy.com/help/article/567/what-is-a-wildcard-ssl-certifica > te (They'd love to sell you one; this is not an endorsement.) > > Charles > > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson > Sent: Thursday, October 11, 2012 5:13 PM > To: openssl-users@openssl.org > Subject: RE: Firefox unhappy with my self signed Cert > > >From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > >Sent: Thursday, 11 October, 2012 19:40 > > Some minor points: > > >How do you specify the name (URL) of the Web site in Firefox? > >Do you use exactly the same name as you use with the test client (and > >the name in the certificate)? > > OP's test client was openssl s_client, which does NOT check hostname, so > that one doesn't matter. URL in Firefox/etc and name in cert do. > > >Firefox is saying the certificate is for myserver but you are > >specifying a different name when you open the site. The name has to be > >exactly the same as one of the names (including alternates) in the > >certificate. (You can wildcard the last node in the alternate > >names.) myserver is not the same as myserver.com > > You can use wildcard in either Subject or SubjectAlternativeNames. > The wildcard is the lowest-level component of a DNS name, which is at the > left as written; in abstract that might be considered "last" > but I think most people wouldn't call it that. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
