[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [saml-dev] URGENT: A "plan" for the CA... Instructions forobtaining the certs
>If I'm not mistaken, when you request your cert, you should specify the >actual system host name (e.g. jackson.rsa.com) as the Common Name, not >something like "www.crosslogix.com". It is the cert not matching the >system name that causes the complaint. I don't believe it has anything to >do with "portal", receiver", etc. It has everything to do with them, in fact it's paramount. What matters is what the user types into the browser (or what you link them to). If I access the server by IP address, it will complain because it doesn't "match". You can't alias an SSL server in DNS freely without other tricks like subjectAltName, wildcards, etc. in the cert, which I doubt work consistently in all browsers. -- Scott
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC