Is there such thing as a multi-host security certificate?

Is there such thing as a multi-host security certificate?

am 26.07.2007 00:50:12 von laredotornado

Hi,

Is there such thing as a multihost security certiciate? Here's what I
want to do: I have several domains (mydomain1.com, mydomain2.com,
mydomain3.com) all pointed at the same IP. We are running an Apache 2
web server on some kind of Linux system. Since Apache can only
install one security certificate, it would be great if that cert could
represent the three different domains and be from a trusted certiciate
authority.

Does anyone know of any?

Thanks, - Dave

Re: Is there such thing as a multi-host security certificate?

am 29.07.2007 07:19:18 von technoweener

Check out VeriSign's latest:
http://www.verisign.com/products-services/security-services/ identity-protection/authentication.html


laredotornado@zipmail.com wrote:
> Hi,
>
> Is there such thing as a multihost security certiciate? Here's what I
> want to do: I have several domains (mydomain1.com, mydomain2.com,
> mydomain3.com) all pointed at the same IP. We are running an Apache 2
> web server on some kind of Linux system. Since Apache can only
> install one security certificate, it would be great if that cert could
> represent the three different domains and be from a trusted certiciate
> authority.
>
> Does anyone know of any?
>
> Thanks, - Dave
>

Re: Is there such thing as a multi-host security certificate?

am 14.08.2007 17:29:28 von david20

In article <1185403812.903490.149460@i13g2000prf.googlegroups.com>, "laredotornado@zipmail.com" writes:
>Hi,
>
>Is there such thing as a multihost security certiciate? Here's what I
>want to do: I have several domains (mydomain1.com, mydomain2.com,
>mydomain3.com) all pointed at the same IP. We are running an Apache 2
>web server on some kind of Linux system. Since Apache can only
>install one security certificate, it would be great if that cert could
>represent the three different domains and be from a trusted certiciate
>authority.
>

If you were talking about mutiple hostnames within a single domain ie

myhost1.mydomain.com, myhost2.mydomain.com, myhost3.mydomain.com

then you could get a wildcard certificate for mydomain.com.


In this case it looks like the only solution would be to request a
certificate utilising the SubjectAltName extension

For an example extract from an openssl config file see

http://www.mail-archive.com/openssl-users@openssl.org/msg434 17.html

which shows the SubjectAltname setup for a certificate for www.acme.com,
www.acme.org, www.acme.net

It appears that Entrust supports SubjectAltName certificates for this purpose
(though possibly only one extra name) with their Advantage certificates

see

http://www.entrust.net/knowledge-base/technote.cfm?tn=6722

Other trusted CAs may now be starting to support the SubjectAltName extension.


David Webb
Security team leader
CCSS
Middlesex University


>Does anyone know of any?
>
>Thanks, - Dave
>