From owner-freebsd-questions@FreeBSD.ORG  Fri Mar  1 16:45:03 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 2F041AC0
 for <freebsd-questions@freebsd.org>; Fri,  1 Mar 2013 16:45:03 +0000 (UTC)
 (envelope-from bmettee@pchotshots.com)
Received: from mail.pchotshots.com (mail.pchotshots.com [12.172.123.237])
 by mx1.freebsd.org (Postfix) with ESMTP id BE119925
 for <freebsd-questions@freebsd.org>; Fri,  1 Mar 2013 16:45:02 +0000 (UTC)
Received: (qmail 93861 invoked by uid 89); 1 Mar 2013 16:41:02 -0000
Received: from unknown (HELO ?12.172.123.228?)
 (bmettee@pchotshots.com@12.172.123.228)
 by mail.pchotshots.com with ESMTPA; 1 Mar 2013 16:41:02 -0000
Message-ID: <5130DA10.7010904@pchotshots.com>
Date: Fri, 01 Mar 2013 11:40:48 -0500
From: Brad Mettee <bmettee@pchotshots.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:17.0) Gecko/20130107 Thunderbird/17.0.2
MIME-Version: 1.0
CC: freebsd-questions@freebsd.org
Subject: Re: https://wiki.freebsd.org/ certificate error
References: <5130B651.9030607@a1poweruser.com>
 <1362147256.788.3.camel@archlinux> <5130BC16.8020903@aboutsupport.com>
 <CA+g814cd-vZPEXm8T8ExucnHCCxnxj0jxjeaXd9BGfrOdRrzpQ@mail.gmail.com>
 <5130CC82.4000607@a1poweruser.com>
 <op.ws9y9fzx34t2sn@tech304.office.supranet.net>
In-Reply-To: <op.ws9y9fzx34t2sn@tech304.office.supranet.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2013 16:45:03 -0000

On 3/1/2013 11:11 AM, Mark Felder wrote:
> On Fri, 01 Mar 2013 09:42:58 -0600, <fbsd8@a1poweruser.com> wrote:
>
>> The fact remains, the ms/browsers do find the wiki.freebsd.org 
>> wedsite's  certificate invalid because the certificate ip address 
>> does not match the ip address the public dns points to.
>
> You can put a certificate on any IP address you want. It's not 
> embedded into the certificate. For the most part it only matters that 
> the CommonName on the certificate matches the hostname of the website 
> and the certificate chain is valid.

And in this particular case, the certificate is for www.freebsd.org and 
freebsd.org, and the browser is complaining because it's being used on 
wiki.freebsd.org.

Their certificate should have been issued for *.freebsd.org instead of 
just the main site name. Unfortunately I think all of the certificate 
issuers charge big $$$ for that type of cert......


-- 
Brad Mettee