>From: owner-openssl-us...@openssl.org On Behalf Of Alan Buxey
>Sent: Wednesday, 24 October, 2012 03:00
>To: aurfal...@gmail.com; openssl-users@openssl.org
>Subject: Re: Wild card SSL; use on multiple Apache servers

>The wildcard is for a particular domain (* is value for any host
>within it). If your other server is in a different domain,
>then it won't work.

Right. Because the CA only verified your control of the domain that it issued the cert for; if you get a cert for fredsmith.com and could use it on a server that impersonates www.amazon.com you could steal billions of dollars from millions of people.

And an added point which is not obvious to some people, it's only implemented for one level. *.domain.com works for
  www.domain.com
  ftp.domain.com
  silly.domain.com
but NOT www.foo.domain.com. Even though this wouldn't actually violate the trust constraint in any situation I can imagine.
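
Added example, not part of the original message and not OpenSSL's or Apache's own code: a minimal Python sketch of the one-level wildcard rule described above, run over the host names from the message. The function names, the rejection of partial wildcards such as `w*.domain.com`, and the refusal of a wildcard directly under a top-level label are assumptions of this sketch.

```python
def _labels(name):
    # Compare case-insensitively and ignore a trailing root dot.
    return name.lower().rstrip(".").split(".")


def wildcard_matches(pattern, hostname):
    """Return True if certificate name `pattern` covers `hostname`.

    A '*' is honoured only as the complete leftmost label and stands for
    exactly one label, so it never spans a dot.
    """
    p, h = _labels(pattern), _labels(hostname)
    if "" in p or "" in h:
        return False  # empty label: malformed name
    if len(p) != len(h):
        return False  # '*' cannot absorb extra levels or zero levels
    if any("*" in label for label in p[1:]):
        return False  # wildcard anywhere but the leftmost label
    if p[0] == "*":
        if len(p) < 3:
            return False  # assumption: refuse '*.com'-style patterns
        return p[1:] == h[1:]
    if "*" in p[0]:
        return False  # assumption: partial wildcards are not accepted
    return p == h


def coverage(pattern, hostnames):
    """Map each hostname to whether `pattern` covers it."""
    return {host: wildcard_matches(pattern, host) for host in hostnames}


# Constructed sample input, using the names mentioned in the message.
HOSTS = [
    "www.domain.com",
    "ftp.domain.com",
    "silly.domain.com",
    "www.foo.domain.com",  # two levels below domain.com
    "domain.com",          # the bare domain itself
    "www.amazon.com",      # a different domain
]

if __name__ == "__main__":
    for pattern in ("*.domain.com", "*.fredsmith.com"):
        for host, ok in coverage(pattern, HOSTS).items():
            print(f"{pattern:18} {host:22} {'match' if ok else 'NO MATCH'}")
```

Running it shows the same cert name accepted for the three single-level hosts and rejected for the deeper name, the bare domain, and the unrelated domain.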