LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

another drawback

another drawback

Posted Jan 3, 2008 12:07 UTC (Thu) by jschrod (subscriber, #1646)
In reply to: another drawback by mattdm
Parent article: The future of unencrypted web traffic 

All recent browsers support the cert extension »Certificate Subject Alt Names«, with DNS names
as entries, and thus allow to use name-based virtual https hosts. We use them on several of
our sites and have had no complaints at all until now. As an example you can look at the cert
of https://lists.dante.de/, our site for the mailing lists of the German TeX Users Group.

Of course, if one still needs to support IE4 or such, one is out of luck.

That said, this is no solution for mass hosters, as one needs to recreate the certificate for
every virtual host that's added. In the end, that is not manageable, especially from a
security viewpoint. But for a company or an organization which has a few dozen hosts and a low
change rate, it's a working solution.

(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds