SSL and the use of Private address

William Muriithi william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jan 14 19:13:00 UTC 2011


Jason

On 13 January 2011 21:48, Jason Shaw <grazer-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Did you buy the cert for www.domain.tld or domain.tld?  Usually when I've
> encountered this problem in the hosting world it's because someone buys it
> with the www and then visits the site without it.
Thanks.  I figured it out.  It was my mistake.  The error pop up only
when I use the IP to access the site.  When I use the domain name, all
is fine.

>
> On Thu, Jan 13, 2011 at 3:22 PM, William Muriithi
> <william.muriithi-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
>>
>> Afternoon pals,
>>
>> I got a quick question.  I have bought an ssl from veriSign this
>> morning.  I have applied it to one of our system and all went well.
>> However, when I point the browser to the system, I get an ssl error.
>>
>> I can see all the details seem sound, the subject part is correct, so
>> is the issuer section, public key etc, but it fails, according to
>> safari because of host name mismatch.  That is odd, because when I
>> type hostname on the console, it matches the "common name" in the
>> subject section on the certificate. Google say this is the reason for
>> this error, but happen not to the case in this situation.
>>
>> My only guess is it may be freaking out because the domain we have on
>> the certificate resolves into a private IP.  I know, its not proper
>> according to RFC, but remember this is 2011 and public IP are becoming
>> an issue so was hoping to work around that since its a server that
>> will be used internally only.
>>
>> Anyway, question is, considering the IP information is not passed to
>> VeriSign, can the use of private IP end up breaking a certificate?
>>
>> William
>> William
>> --
>> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
>> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
>> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
>
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list