[ietf78-tech] Fwd: Certificates for the IETF
John Kemp
kemp at network-services.uoregon.edu
Thu Jul 15 16:56:30 PDT 2010
Damn. I may have to take you guys up on that
suggestion. Really didn't want to have to resort
to bogus-ifying mappings, but it looks like Apache
IP-based virtual hosting doesn't quite make it when
the SSL engine is involved. Damn damn damn. (The
one case where people apparently have made this work
is on a virtual interfaces which is useless in this case.)
I can see now that to make this work I would have
to run two unique instances of Apache, which would
be much uglier than using DNS views.
This was my misunderstanding
of what I was reading in the Apache manual. Did
I say "damn" again yet? Damn.
Other sites where we have done multi-bridge, we
used wildcard certificates. But I figured that would
be a tough sell, so I didn't even request that.
(We could still try some kind of bogus
wildcard generation. But I'm not sure about that
when it comes to self-signed.)
So I'll bite. Let's see if we can come up with
a DNS views way to do this.
And thank you for your indulgence on this. I
was really hoping we could make this work on the
straight and narrow. Sorry about that one.
/jgk
>
> It's a valid suggestion.
>
> But we have the certificate now.
> We really shouldn't need to do anything to the DNS.
>
> /jgk
>
More information about the ietf78-tech
mailing list