SSL and the use of Private address
Jason Shaw
grazer-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jan 14 02:48:02 UTC 2011
Did you buy the cert for www.domain.tld or domain.tld? Usually when I've
encountered this problem in the hosting world it's because someone buys it
with the www and then visits the site without it.
On Thu, Jan 13, 2011 at 3:22 PM, William Muriithi <
william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Afternoon pals,
>
> I got a quick question. I have bought an ssl from veriSign this
> morning. I have applied it to one of our system and all went well.
> However, when I point the browser to the system, I get an ssl error.
>
> I can see all the details seem sound, the subject part is correct, so
> is the issuer section, public key etc, but it fails, according to
> safari because of host name mismatch. That is odd, because when I
> type hostname on the console, it matches the "common name" in the
> subject section on the certificate. Google say this is the reason for
> this error, but happen not to the case in this situation.
>
> My only guess is it may be freaking out because the domain we have on
> the certificate resolves into a private IP. I know, its not proper
> according to RFC, but remember this is 2011 and public IP are becoming
> an issue so was hoping to work around that since its a server that
> will be used internally only.
>
> Anyway, question is, considering the IP information is not passed to
> VeriSign, can the use of private IP end up breaking a certificate?
>
> William
> William
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20110113/8cc8d7a7/attachment.html>
More information about the Legacy
mailing list