From owner-freebsd-questions@FreeBSD.ORG  Fri Mar  1 16:58:17 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 7AE12E3B
 for <freebsd-questions@freebsd.org>; Fri,  1 Mar 2013 16:58:17 +0000 (UTC)
 (envelope-from feld@feld.me)
Received: from feld.me (unknown [IPv6:2607:f4e0:100:300::2])
 by mx1.freebsd.org (Postfix) with ESMTP id 57F8D9C1
 for <freebsd-questions@freebsd.org>; Fri,  1 Mar 2013 16:58:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=feld.me;
 s=blargle; 
 h=In-Reply-To:Message-Id:From:Mime-Version:Date:References:Subject:Cc:To:Content-Type;
 bh=AmDk42gG6RruvQnW33xZ7tFr3wfE2lR+wKZR9BktIEk=; 
 b=IxmIejxh37KN8uXKVTk+mBBtHZFelIe9nimNLzMIh3/lP1dBSFdMy4qY57aTCwFfRKvXknpGWFLjzxbuE4+9nnGJ5Gy7hcw+b312GA9r50rfNeoeW5MBcfACcevyH1SU;
Received: from localhost ([127.0.0.1] helo=mwi1.coffeenet.org)
 by feld.me with esmtp (Exim 4.80.1 (FreeBSD))
 (envelope-from <feld@feld.me>)
 id 1UBTHQ-0001EN-88; Fri, 01 Mar 2013 10:58:16 -0600
Received: from feld@feld.me by mwi1.coffeenet.org (Archiveopteryx 3.1.4)
 with esmtpsa id 1362157069-66552-84087/5/5; Fri, 1 Mar 2013 16:57:49
 +0000
Content-Type: text/plain; format=flowed; delsp=yes
To: Brad Mettee <bmettee@pchotshots.com>
Subject: Re: https://wiki.freebsd.org/ certificate error
References: <5130B651.9030607@a1poweruser.com>
 <1362147256.788.3.camel@archlinux> <5130BC16.8020903@aboutsupport.com>
 <CA+g814cd-vZPEXm8T8ExucnHCCxnxj0jxjeaXd9BGfrOdRrzpQ@mail.gmail.com>
 <5130CC82.4000607@a1poweruser.com>
 <op.ws9y9fzx34t2sn@tech304.office.supranet.net>
 <5130DA10.7010904@pchotshots.com>
Date: Fri, 1 Mar 2013 10:57:49 -0600
Mime-Version: 1.0
From: Mark Felder <feld@feld.me>
Message-Id: <op.ws91enh934t2sn@tech304.office.supranet.net>
In-Reply-To: <5130DA10.7010904@pchotshots.com>
User-Agent: Opera Mail/12.13 (FreeBSD)
X-SA-Report: ALL_TRUSTED=-1, KHOP_THREADED=-0.5
X-SA-Score: -1.5
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Mar 2013 16:58:17 -0000

On Fri, 01 Mar 2013 10:40:48 -0600, Brad Mettee <bmettee@pchotshots.com>  
wrote:

> On 3/1/2013 11:11 AM, Mark Felder wrote:
>> On Fri, 01 Mar 2013 09:42:58 -0600, <fbsd8@a1poweruser.com> wrote:
>>
>>> The fact remains, the ms/browsers do find the wiki.freebsd.org  
>>> wedsite's  certificate invalid because the certificate ip address does  
>>> not match the ip address the public dns points to.
>>
>> You can put a certificate on any IP address you want. It's not embedded  
>> into the certificate. For the most part it only matters that the  
>> CommonName on the certificate matches the hostname of the website and  
>> the certificate chain is valid.
>
> And in this particular case, the certificate is for www.freebsd.org and  
> freebsd.org, and the browser is complaining because it's being used on  
> wiki.freebsd.org.
>
> Their certificate should have been issued for *.freebsd.org instead of  
> just the main site name. Unfortunately I think all of the certificate  
> issuers charge big $$$ for that type of cert......
>