On Wed, Oct 24, 2012 at 2:37 PM, Dave Thompson <dthomp...@prinpay.com> wrote:

>> From: owner-openssl-us...@openssl.org On Behalf Of Alan Buxey
>> Sent: Wednesday, 24 October, 2012 03:00
>> To: aurfal...@gmail.com; openssl-users@openssl.org
>> Subject: Re: Wild card SSL; use on multiple Apache servers
>
>> The wildcard is for a particular domain (* is valid for any host
>> within it). If your other server is in a different domain,
>> then it won't work.
>
> Right. Because the CA only verified your control of the domain
> that it issued the cert for; if you get a cert for fredsmith.com
> and could use it on a server that impersonates www.amazon.com
> you could steal billions of dollars from millions of people.

I believe you can go to TrustWave and get certificates for domains outside your control (http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html). Mozilla rewarded their bad behavior by continuing their inclusion (https://bugzilla.mozilla.org/show_bug.cgi?id=724929).
So much for Trust as a commodity....

Jeff

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
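The point Alan and Dave make is enforced on the client side by hostname matching: a TLS client compares the server name it connected to against the DNS names in the certificate, and a wildcard label matches exactly one label in the same domain. The following is an added example, not code from the thread or from OpenSSL; it implements the RFC 6125-style matching rules a client applies and feeds it constructed inputs that reuse the hostnames from the discussion (`fredsmith.com`, `www.amazon.com`). The function names and the sample certificate dictionary are mine; the dictionary mimics the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
"""Wildcard certificate hostname matching, as a TLS client performs it.

Added example (not from the original thread). Rules implemented:
  * a wildcard is the whole left-most label only ("*.example.com"), never a
    partial label ("w*.example.com") and never deeper than the first label;
  * it matches exactly one label, so "*.fredsmith.com" matches
    "www.fredsmith.com" but not "fredsmith.com" or "a.b.fredsmith.com";
  * it never matches a host in another domain, which is why a cert for
    *.fredsmith.com is useless on www.amazon.com;
  * at least two fixed labels must follow the wildcard (no "*.com").
"""
from typing import Dict, Iterable, List, Tuple


def _label_matches(pattern_label: str, host_label: str) -> bool:
    """Compare one DNS label; only a lone '*' is treated as a wildcard."""
    if pattern_label == "*":
        return host_label != ""
    return pattern_label == host_label


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name (possibly a wildcard) matches hostname."""
    # DNS names are case-insensitive; a trailing dot is an absolute-name marker.
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")

    # A wildcard consumes exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False

    if "*" in p_labels:
        # Wildcard only in the left-most label, only once, and not directly
        # under a top-level domain such as "*.com".
        if p_labels[0] != "*" or "*" in p_labels[1:] or len(p_labels) < 3:
            return False

    return all(_label_matches(p, h) for p, h in zip(p_labels, h_labels))


def san_dns_names(cert: Dict[str, Iterable[Tuple[str, str]]]) -> List[str]:
    """Extract DNS names from a certificate dict shaped like ssl getpeercert() output."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def cert_matches_host(cert: Dict[str, Iterable[Tuple[str, str]]], hostname: str) -> bool:
    """True if any DNS SAN in the certificate matches the hostname being connected to."""
    return any(dns_name_matches(name, hostname) for name in san_dns_names(cert))


# Constructed sample: a wildcard certificate issued for fredsmith.com, in the
# dict layout that ssl.SSLSocket.getpeercert() produces (only the SAN field).
WILDCARD_CERT = {
    "subjectAltName": (("DNS", "*.fredsmith.com"), ("DNS", "fredsmith.com")),
}


def demo() -> Dict[str, bool]:
    """Evaluate the wildcard cert against several hostnames; returns name -> matched."""
    candidates = [
        "www.fredsmith.com",      # same domain, one label: matches
        "MAIL.FredSmith.COM.",    # case and trailing dot are irrelevant: matches
        "fredsmith.com",          # matched only by the explicit second SAN
        "a.b.fredsmith.com",      # wildcard does not span two labels
        "www.amazon.com",         # different domain: never matches
        "fredsmith.com.evil.test",  # suffix trick: label count differs, no match
    ]
    return {host: cert_matches_host(WILDCARD_CERT, host) for host in candidates}


if __name__ == "__main__":
    for host, ok in demo().items():
        print(f"{host:28s} {'accepted' if ok else 'rejected'}")
```

In practice the same decision is made inside the TLS library (OpenSSL's `X509_check_host`, or `ssl.create_default_context()` with `check_hostname=True` in Python), so an application should rely on that rather than on hand-rolled matching; the code above only makes the rule visible.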