[Pdweb] Re: [PD] website SSL certificate

[IOhannes m zmoelnig]

hi.

this issue should really be on the pdweb at iem.at list, so i have moved
this thread.
carmen, you might want to subscribe yourself to this list for ongoing
discussion (if there is one)

carmen wrote:
> for as long as i remember (certainly through several different browser-changes) pure-data's website has popped up an annoying dialog on first visit: 
> 
> - The server's name "www.puredata.org" does not match the certificate's name "puredata.info;puredata.org;puredata.org". Somebody may be trying to eavesdrop on you.
> 
> i know it happens with at least firefox and opera. upon choosing to install the certificate despite the browser's initial objections, you can continue.
> 

that's because the "official" name of the server is "puredata.info" and
NOT puredata.org, and NOT AT ALL www.puredata.org (this has something to
do with who owns which name).


> not dealing with SSL regularly, perhaps a different one could be generated for each domain, and some kind of switch statement in the apache/lighttpd/whatever conf could send the right one...

no that's not possible with apache.

basically there are 2 options:
- only have 1 single name for the https-server (like puredata.info) and
make redirects for all other names  (like puredata.org)
- make a multi-name certificate; that is what i tried currently.

probably a mixture of both would be best (e.g. redirect *.puredata.org
to puredata.org);


mfg.asdr.
IOhannes