Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/12/12 00:28:13 UTC

DO NOT REPLY [Bug 32652] New: - Please document x509 v3 subjectAltName

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=32652>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=32652

           Summary: Please document x509 v3 subjectAltName
           Product: Apache httpd-2.0
           Version: 2.1-HEAD
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: nospam@indoktrination.at


Contrary to popular belief and contrary to the Apache documentation, it is
currently possible to use name virtual hosting over ssl as long as all virtual
hosts share the same ssl-setup (server-certificate, client-certificates, etc).
Using the subjectAltName extension of x509 v3 it is possible for this one
server-certificate to be valid for all ssl-virtual hosts. subjectAltName is
supported at least by current Mozilla browsers and Internet Explorer versions.
Look at http://www.es.net/pub/esnet-doc/SubjectAltName.pdf (found via Google)
for more details.

The setup works perfectly with Apache 2.0.52 (Debian Package), even though
apache complains once per virtual host about the CN of the certificate not
matching ServerName.

Please change the documentation or at least include a hint that subjectAltName
exists; it could be very useful for small sites. It could also stimulate
browser support for subjectAltName if it became widely known.




------------------------------------------------------------------------------

httpd.conf (only relevant parts)

NameVirtualHost *:80

<VirtualHost *:80>
  # Default
</VirtualHost>

<VirtualHost *:80>
  ServerName asdf.com
</VirtualHost>

SSLCipherSuite CipherSpec:foo
SSLCertificateFile /path/to/CertificateFile
SSLCertificateKeyFile /path/to/KeyFile
# all the other common SSL options

NameVirtualHost *:443

<VirtualHost *:443>
  # Default
  SSLEngine on
</VirtualHost>

<VirtualHost *:443>
  ServerName asdf.com
  SSLEngine on
</VirtualHost>
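
Added example, not part of the original bug report or of mod_ssl: a Python check of which ServerName values a single certificate covers, following the RFC 2818 rule that dNSName entries in subjectAltName, when present, are used instead of the CN. The certificate dicts imitate the shape of Python's ssl getpeercert() output; every host name other than asdf.com is constructed, and the wildcard policy is an assumed conservative one.

```python
# Which name-based SSL vhosts does one certificate cover?
# Certificates are dicts shaped like ssl.SSLSocket.getpeercert() output.

def label_match(pattern, host):
    """Compare one certificate name with a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # Assumed conservative policy: "*" must be the whole leftmost label
        # and at least two fixed labels must follow it (rejects "*.com").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def names_in_cert(cert):
    """Return (names, source). RFC 2818: dNSName entries, if any, replace the CN."""
    dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns:
        return dns, "subjectAltName"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return cns, "commonName"

def coverage(cert, server_names):
    """Map each ServerName to True/False, plus the field that was used."""
    names, source = names_in_cert(cert)
    return {s: any(label_match(n, s) for n in names) for s in server_names}, source

# Constructed sample data (only asdf.com appears in the report above).
SUBJECT = ((("commonName", "asdf.com"),),)
CERT_CN_ONLY = {"subject": SUBJECT}
CERT_WITH_SAN = {"subject": SUBJECT, "subjectAltName": (
    ("DNS", "asdf.com"), ("DNS", "www.asdf.com"), ("DNS", "*.example.org"))}
CERT_SAN_WITHOUT_CN = {"subject": SUBJECT,
                       "subjectAltName": (("DNS", "www.asdf.com"),)}
VHOSTS = ["asdf.com", "www.asdf.com", "shop.example.org", "example.org"]

if __name__ == "__main__":
    for label, cert in (("CN only", CERT_CN_ONLY), ("with SAN", CERT_WITH_SAN),
                        ("SAN omits CN", CERT_SAN_WITHOUT_CN)):
        result, source = coverage(cert, VHOSTS)
        print(label, "(checked against", source + "):", result)
```

The third sample certificate is the case to watch when issuing a multi-host certificate: once a subjectAltName with DNS entries is present, the host named in the CN must be listed there as well.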
