[Pdweb] Re: [PD] website SSL certificate
IOhannes m zmoelnig
zmoelnig at iem.at
Sat Apr 22 09:24:32 CEST 2006
hi.
this issue should really be on the pdweb at iem.at list, so i have moved
this thread.
carmen, you might want to subscribe yourself to this list for ongoing
discussion (if there is one)
carmen wrote:
> for as long as i remember (certainly through several different browser-changes) pure-data's website has popped up an annoying dialog on first visit:
>
> - The server's name "www.puredata.org" does not match the certificate's name "puredata.info;puredata.org;puredata.org". Somebody may be trying to eavesdrop on you.
>
> i know it happens with at least firefox and opera. upon choosing to install the certificate despite the browser's initial objections, you can continue.
>
that's because the "official" name of the server is "puredata.info" and
NOT puredata.org, and NOT AT ALL www.puredata.org (this has something to
do with who owns which name).
> not dealing with SSL regularly, perhaps a different one could be generated for each domain, and some kind of switch statement in the apache/lighttpd/whatever conf could send the right one...
no that's not possible with apache.
basically there are 2 options:
- only have 1 single name for the https-server (like puredata.info) and
make redirects for all other names (like puredata.org)
- make a multi-name certificate; that is what i tried currently.
probably a mixture of both would be best (e.g. redirect *.puredata.org
to puredata.org);
mfg.asdr.
IOhannes
More information about the pdweb
mailing list