22 messages in ru.sysoev.nginxRe: cert handling on redirect of http...
FromSent OnAttachments
Martian AlienSep 8, 2008 10:50 pm 
Igor SysoevSep 8, 2008 11:21 pm 
Martian AlienSep 9, 2008 8:59 pm 
Chris SaverySep 9, 2008 9:31 pm 
Igor SysoevSep 9, 2008 9:42 pm 
Martian AlienSep 11, 2008 12:56 am 
Igor SysoevSep 11, 2008 1:07 am 
Tit PetricSep 11, 2008 1:18 am 
Reinis RozitisSep 11, 2008 1:46 am 
Igor SysoevSep 11, 2008 2:24 am 
Reinis RozitisSep 11, 2008 2:46 am 
Igor SysoevSep 11, 2008 3:17 am 
mikeSep 11, 2008 8:32 am 
Igor SysoevSep 11, 2008 8:45 am 
Reinis RozitisSep 11, 2008 2:59 pm 
Martian AlienSep 11, 2008 5:26 pm 
Igor SysoevSep 11, 2008 11:03 pm 
Manlio PerilloSep 12, 2008 1:51 am 
Adrian PerezSep 12, 2008 2:06 am 
mikeSep 12, 2008 2:14 am 
Reinis RozitisSep 12, 2008 2:35 am 
Igor SysoevSep 12, 2008 4:07 am 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: cert handling on redirect of https subdomainsActions...
From:Igor Sysoev (is@rambler-co.ru)
Date:Sep 12, 2008 4:07:57 am
List:ru.sysoev.nginx

On Fri, Sep 12, 2008 at 12:35:29PM +0300, Reinis Rozitis wrote:

Interesting. The reason for the limitation makes more sense now. But why do the first *two* virtual domains (example.com and www.example.com) work?

Usually the signed SSL cert contains both domains (Common Name) eg the short example.com and the long www.example.com (at least GoDaddy always adds both even you dont specify that). So basically you get a simple wilcard certificate...( to look up what Common Names you have 'openssl x509 -in filename.crt -noout -text' )

You may be right.

However, I believe GoDaddy is pleasing exception: they use such certificate even on own site. Contrariwise, https://verisign.com and https://thawte.com present www.* certificate versions.

-- Igor Sysoev http://sysoev.ru/en/