Using certificates for shared hosting accounts.
Posted: Fri Jun 05, 2009 8:09 am
Hi,
I was reading the RFC 3546 and I noticed something interesting I was not aware of earlier:
It seems that TLS Extensions allows the use of a name-based virtual host within the handshake portion. This means that if the client and the server support this, we could use non-wildcard certificates for shared hosting accounts like this: https://my-shared-hosting-account.com/
"Allow TLS clients to provide to the TLS server the name of the
server they are contacting. This functionality is desirable to
facilitate secure connections to servers that host multiple
'virtual' servers at a single underlying network address."
This feature is welcome; however, as far as I can see from Firefox's source code, I do not see this implemented. Firefox simply opens the handshake and specifies the IP address, gets the proper certificate and keys, initializes the connection to a name-based virtual host, notices it does not match, and pops up an ugly domain mismatch error. I actually understand this: Transport Layer Security (TLS) Extensions is not a standard way of doing things, but rather an extension to the standard TLS. I just hope this becomes implemented in mainstream web browsers (as well as in the web hosts) in the future.
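Added example, not part of the original post: the server_name extension from the RFC 3546 passage quoted above, located in a ClientHello so you can check whether a client offers a host name at all. `build_client_hello` and `extract_sni` are hypothetical helper names, the sample record is constructed rather than captured, and the ClientHello is assumed to fit in a single TLS record.

```python
import struct

SERVER_NAME = 0  # extension type of server_name in RFC 3546

def build_client_hello(host=None):
    """Constructed sample: a minimal TLS 1.0 ClientHello record, optionally with SNI."""
    body = (b"\x03\x01" + bytes(32)   # client_version, random (zeroed for the sample)
            + b"\x00"                 # empty session_id
            + b"\x00\x02\x00\x2f"     # cipher_suites: one entry
            + b"\x01\x00")            # compression_methods: null
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        sni = struct.pack("!H", len(entry)) + entry            # ServerNameList
        ext = struct.pack("!HH", SERVER_NAME, len(sni)) + sni
        body += struct.pack("!H", len(ext)) + ext              # extensions block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # msg_type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record):
    """Return the host_name a ClientHello offers, or None if it sends no server_name."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    buf = record[9:9 + hs_len]
    if len(buf) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 34                                  # skip client_version and random
    for width in (1, 2, 1):                   # session_id, cipher_suites, compression
        pos += width + int.from_bytes(buf[pos:pos + width], "big")
    if pos > len(buf):
        raise ValueError("malformed ClientHello")
    if pos == len(buf):
        return None                           # pre-extension client: no extensions block
    end = min(len(buf), pos + 2 + int.from_bytes(buf[pos:pos + 2], "big"))
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        data = buf[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == SERVER_NAME and len(data) >= 5 and data[2] == 0:
            n = int.from_bytes(data[3:5], "big")
            return data[5:5 + n].decode("ascii", "replace")
    return None

if __name__ == "__main__":
    print(extract_sni(build_client_hello("my-shared-hosting-account.com")))
    print(extract_sni(build_client_hello()))  # a client that sends no server name
```

A server that receives the second kind of hello has only the IP address to go on, so it can only present its default certificate for that address.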