Date: Fri, 01 Mar 2013 11:40:48 -0500 From: Brad Mettee <bmettee@pchotshots.com> Cc: freebsd-questions@freebsd.org Subject: Re: https://wiki.freebsd.org/ certificate error Message-ID: <5130DA10.7010904@pchotshots.com> In-Reply-To: <op.ws9y9fzx34t2sn@tech304.office.supranet.net> References: <5130B651.9030607@a1poweruser.com> <1362147256.788.3.camel@archlinux> <5130BC16.8020903@aboutsupport.com> <CA%2Bg814cd-vZPEXm8T8ExucnHCCxnxj0jxjeaXd9BGfrOdRrzpQ@mail.gmail.com> <5130CC82.4000607@a1poweruser.com> <op.ws9y9fzx34t2sn@tech304.office.supranet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3/1/2013 11:11 AM, Mark Felder wrote: > On Fri, 01 Mar 2013 09:42:58 -0600, <fbsd8@a1poweruser.com> wrote: > >> The fact remains, the ms/browsers do find the wiki.freebsd.org >> wedsite's certificate invalid because the certificate ip address >> does not match the ip address the public dns points to. > > You can put a certificate on any IP address you want. It's not > embedded into the certificate. For the most part it only matters that > the CommonName on the certificate matches the hostname of the website > and the certificate chain is valid. And in this particular case, the certificate is for www.freebsd.org and freebsd.org, and the browser is complaining because it's being used on wiki.freebsd.org. Their certificate should have been issued for *.freebsd.org instead of just the main site name. Unfortunately I think all of the certificate issuers charge big $$$ for that type of cert...... -- Brad Mettee
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5130DA10.7010904>