cert handling on redirect of https subdomains
Igor Sysoev
is at rambler-co.ru
Fri Sep 12 15:08:20 MSD 2008
On Fri, Sep 12, 2008 at 12:35:29PM +0300, Reinis Rozitis wrote:
> >Interesting. The reason for the limitation makes more sense now. But why
> >do the first *two* virtual domains (example.com and www.example.com) work?
>
> Usually the signed SSL cert contains both domains (Common Name) eg the
> short example.com and the long www.example.com (at least GoDaddy always
> adds both even you dont specify that).
> So basically you get a simple wilcard certificate...( to look up what
> Common Names you have 'openssl x509 -in filename.crt -noout -text' )
You may be right.
However, I believe GoDaddy is pleasing exception: they use such certificate
even on own site. Contrariwise, https://verisign.com and https://thawte.com
present www.* certificate versions.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list