[TriLUG] Tricky routing issue
Jeremy Portzer
jeremyp at pobox.com
Mon Oct 29 22:48:31 EDT 2007

Chris Bullock wrote:
> I agree with Robert, your certs are based on browser URL and the cert. IP
> address has nothing to do with your cert. You can also get wildcard certs
> where your cert is issued to *.yourdomain.com and it will cover all your
> servers in your domain.

While this doesn't exactly address the original poster's issue (which
can be solved simply by adjusting the router to send different
protocols/ports to different internal hosts), it is also possible to use
something called a "Subject Alternative Name" (SAN) instead of a
wildcard certificate. The SAN allows you to use multiple URIs on the
same certificate; e.g. "jabber.yourdomain.com" and "www.yourdomain.com"
could be both listed. These could resolve to the same IP address, and
then use the router again to send the requests to different internal hosts.

Subject Alternative Names are fully supported by all modern browsers and
certificate systems, and seem to be under-appreciated by many web site
and network administrators in my opinion.

Someone else asked about "embedded" browsers - does this refer to cell
phones? - but this is a standard that's been around a while so there's
no particular reason they shouldn't support either SANs or wildcard
certificates.

--Jeremy Portzer
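
The difference between the wildcard and SAN certificates discussed in this message, as an added example that is not part of the original post: a minimal hostname check over the `subjectAltName` layout that Python's `ssl.SSLSocket.getpeercert()` returns. Both certificate dicts are constructed samples using the thread's placeholder domain, and the helper names are hypothetical.

```python
# Added illustration (not from the original thread): which hostnames a SAN
# certificate and a wildcard certificate actually cover.
# The dict layout mirrors ssl.SSLSocket.getpeercert(); both certs are constructed.

SAN_CERT = {"subjectAltName": (("DNS", "jabber.yourdomain.com"),
                               ("DNS", "www.yourdomain.com"))}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.yourdomain.com"),)}


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring one trailing dot."""
    return name.rstrip(".").lower().split(".")


def dns_name_matches(pattern, hostname):
    """Match one dNSName entry against a hostname.

    A '*' is honoured only as the complete leftmost label and stands for
    exactly one label, so it never spans dots.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard ("*.com" is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert, hostname):
    """True if any DNS entry in the cert's subjectAltName matches hostname."""
    return any(kind == "DNS" and dns_name_matches(value, hostname)
               for kind, value in cert.get("subjectAltName", ()))


def coverage(cert, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {h: cert_covers(cert, h) for h in hostnames}


if __name__ == "__main__":
    names = ["jabber.yourdomain.com", "www.yourdomain.com",
             "mail.yourdomain.com", "yourdomain.com", "a.b.yourdomain.com"]
    for label, cert in (("SAN", SAN_CERT), ("wildcard", WILDCARD_CERT)):
        print(label, coverage(cert, names))
```

The SAN certificate covers only the names listed in it, while the wildcard covers any single-label host under the domain but neither the bare domain nor deeper subdomains.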