
RE: [cobalt-developers] SSL Sharing



What does Microsoft have to do with SSL in this context?
Raq2 doesn't have any problems sharing a Thawte cert providing
you get the symlinks and the urls correct.

https://secure.domain.com/virtualdomain.com/secure/securefile.html

works fine.

> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-developers-admin@xxxxxxxxxxxxxxx] On Behalf Of Mark Crispin
> Sent: Sunday, April 16, 2000 5:12 PM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Cc: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: re: [cobalt-developers] SSL Sharing
>
>
> On Sun, 16 Apr 2000 15:21:11 -0400, hostmaster@xxxxxxxxxxxxxxxxx wrote:
> > Does anyone know how to share a single SSL certificate among the domains
> > hosted on a RAQ3i?
>
> The short answer is that you can't.  Each domain must have its own
> certificate.  If you're offering secure webhosting, this is a charge that
> you'll probably want to pass on to your customer.
>
> The reason for this restriction -- an SSL restriction not a Cobalt one -- is
> that otherwise, a bad guy could set up a fake microsoft.com offering the
> certificate for his legitimate blurdybloop.com.
>
> Actually, it's worse.  Microsoft requires that each logical host must have its
> own certificate.  In other words, if you have foo.blurdybloop.com and
> bar.blurdybloop.com, they must each have their own certificate.
>
> You can buy a wildcard (*.blurdybloop.com) certificate from Thawte, but
> Microsoft won't accept these as valid because it means that an insider can set
> up an unauthorized server that way.  We're working on convincing Microsoft
> that wildcard certificates should be accepted in spite of this; that the need
> for wildcard certificates (University of Washington has 80,000 virtual
> subdomains for its IMAP service!) outweighs the modest risk.  However, the
> hotfix and/or service pack for this hasn't come out yet.
>
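
An added example, not part of the original messages: a simplified Python sketch of the name check a TLS client applies to a certificate, showing why the path-based URL in the reply validates against one certificate for secure.domain.com while a virtual domain's own hostname does not, and what a single-label wildcard covers. The matching rule (a wildcard only as the whole leftmost label) reflects common client behaviour and is an assumption here; the function names and sample certificate names are hypothetical.

```python
from urllib.parse import urlsplit


def name_matches(cert_name, host):
    """Match one certificate DNS name against a hostname.

    Simplified rule: '*' is honoured only as the entire leftmost label
    and stands for exactly one label.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # a wildcard never covers zero or several labels
    if cert_labels[0] == "*":
        # Require at least two fixed labels so names like "*.com" are refused.
        return len(cert_labels) >= 3 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def url_covered(url, cert_names):
    """True if the host of an https URL is covered by any certificate name.

    Only the host is compared; the URL path plays no part in the check,
    which is what makes path-based sharing under one hostname work.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return any(name_matches(name, parts.hostname) for name in cert_names)


# Constructed sample data using the placeholder names from the thread.
SHARED_CERT = ["secure.domain.com"]
WILDCARD_CERT = ["*.blurdybloop.com"]
SAMPLE_URLS = [
    "https://secure.domain.com/virtualdomain.com/secure/securefile.html",
    "https://virtualdomain.com/secure/securefile.html",
    "https://foo.blurdybloop.com/",
    "https://a.foo.blurdybloop.com/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url,
              "shared:", url_covered(url, SHARED_CERT),
              "wildcard:", url_covered(url, WILDCARD_CERT))
```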