[ntp:hackers] Why are we going down this road? Question on listen-on, query-on, -I
Olaf Fraczyk
olaf at navi.pl
Mon Jun 8 07:25:55 UTC 2009
On Sun, 2009-06-07 at 23:54 -0400, Danny Mayer wrote:
> I said the exact opposite. I expect and do get a certificate error if
> the host header does not exactly match the certificate. When the URL is
> https://foo.ntp.org/ then the Host in the header is foo.ntp.org and that
> what needs to match the certificate. If I enter instead https://foo/
> then I will get a certificate error as the Host header does *not* match
> the certificate. It has nothing to do with the IP address which in this
> specific case will be identical.
Hi,
1. The certificate is bound to a host name (to keep it simple here - it
can be any domain name or a wildcard one etc.).
2. Just as Dave has written, the certificate is presented for a given
IP. It is impossible to present it basing on the name.
3. You need 1 IP for 1 SSL site to be able to make it work together.
4. What you see can be a side effect of misconfiguration, or you use
wrong hostname.
Best regards,
Olaf
--
Olaf Frączyk <olaf at navi.pl>
NAVI
http://www.navi.pl
http://www.ntp.navi.pl
More information about the hackers
mailing list