Date: Fri, 1 Mar 2013 10:57:49 -0600 From: Mark Felder <feld@feld.me> To: Brad Mettee <bmettee@pchotshots.com> Cc: freebsd-questions@freebsd.org Subject: Re: https://wiki.freebsd.org/ certificate error Message-ID: <op.ws91enh934t2sn@tech304.office.supranet.net> In-Reply-To: <5130DA10.7010904@pchotshots.com> References: <5130B651.9030607@a1poweruser.com> <1362147256.788.3.camel@archlinux> <5130BC16.8020903@aboutsupport.com> <CA%2Bg814cd-vZPEXm8T8ExucnHCCxnxj0jxjeaXd9BGfrOdRrzpQ@mail.gmail.com> <5130CC82.4000607@a1poweruser.com> <op.ws9y9fzx34t2sn@tech304.office.supranet.net> <5130DA10.7010904@pchotshots.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 01 Mar 2013 10:40:48 -0600, Brad Mettee <bmettee@pchotshots.com> wrote: > On 3/1/2013 11:11 AM, Mark Felder wrote: >> On Fri, 01 Mar 2013 09:42:58 -0600, <fbsd8@a1poweruser.com> wrote: >> >>> The fact remains, the ms/browsers do find the wiki.freebsd.org >>> wedsite's certificate invalid because the certificate ip address does >>> not match the ip address the public dns points to. >> >> You can put a certificate on any IP address you want. It's not embedded >> into the certificate. For the most part it only matters that the >> CommonName on the certificate matches the hostname of the website and >> the certificate chain is valid. > > And in this particular case, the certificate is for www.freebsd.org and > freebsd.org, and the browser is complaining because it's being used on > wiki.freebsd.org. > > Their certificate should have been issued for *.freebsd.org instead of > just the main site name. Unfortunately I think all of the certificate > issuers charge big $$$ for that type of cert...... >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.ws91enh934t2sn>