PHWinfo - Afficher un message - SSL Certificate

26/03/2005, 22h12

"Ed_Zep" <ed_zep@ntlworld.com> wrote in news:1111829825.195355.131940
@l41g2000cwc.googlegroups.com:

> Hello. Hope someone can with this.
>
> We've ordered Verisign certificates for a couple of Oracle 9.0.4.1
> application servers.
>
> Two existing servers have an issued to name different to that of the
> server name itself. The idea being that we can have four servers being
> accessed on a round-robin basis but the issued to name on the
> certificate is always the same.
>
> The DNS server has one entry for all four servers.
>
> Any ideas how we do this? I was under the impression that it had to be
> the same as the server name.
>
> I know it's do-able as the two original servers had their certificates
> changed but the guy who did that isn't here anymore!

To put it in overly simple terms: Certificates are for clients. If the
client asks for a certificate from www.example.com and it always gets the
same certificate with the Common Name www.example.com, it is happy.

If the client gets a certificate with a different name, it is unhappy.

If the client gets *different* certificates, all with the same Common
Name, it is unhappy.

Therefore, you would install the *same* certificate on every server that
will be resolved by a client as www.example.com. The "real" server name
is irrelevant, neither the server nor the client care about it at all.

26/03/2005, 22h12	#2
Jorey Bump Messages: n/a Hébergeur:	Re: SSL Certificate - Newbie Question "Ed_Zep" <ed_zep@ntlworld.com> wrote in news:1111829825.195355.131940 @l41g2000cwc.googlegroups.com: > Hello. Hope someone can with this. > > We've ordered Verisign certificates for a couple of Oracle 9.0.4.1 > application servers. > > Two existing servers have an issued to name different to that of the > server name itself. The idea being that we can have four servers being > accessed on a round-robin basis but the issued to name on the > certificate is always the same. > > The DNS server has one entry for all four servers. > > Any ideas how we do this? I was under the impression that it had to be > the same as the server name. > > I know it's do-able as the two original servers had their certificates > changed but the guy who did that isn't here anymore! To put it in overly simple terms: Certificates are for clients. If the client asks for a certificate from www.example.com and it always gets the same certificate with the Common Name www.example.com, it is happy. If the client gets a certificate with a different name, it is unhappy. If the client gets different certificates, all with the same Common Name, it is unhappy. Therefore, you would install the same certificate on every server that will be resolved by a client as www.example.com. The "real" server name is irrelevant, neither the server nor the client care about it at all.