Using certificates for shared hosting accounts.

Posted: Fri Jun 05, 2009 8:09 am
by kaisellgren
Hi,

I was reading RFC 3546 and I noticed something interesting I was not aware of earlier:

"Allow TLS clients to provide to the TLS server the name of the server they are contacting. This functionality is desirable to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address."

It seems that TLS Extensions allow the use of a name-based virtual host within the handshake portion. This means that if the client and the server support this, we could use non-wildcard certificates for shared hosting accounts like this: https://my-shared-hosting-account.com/

This feature is welcome, however, as far as I can see from Firefox's source code, I do not see this implemented :(. Firefox simply opens the handshake and specifies the IP address, gets the proper certificate and keys, initializes the connection to a name-based virtual host, notices it does not match and pops up an ugly error of domain mismatch. I actually understand this, Transport Layer Security (TLS) Extensions is not a standard way of doing things, but rather an extension to the standard TLS. I just hope this becomes implemented in mainstream web browsers (as well as in the web hosts) in the future.

Re: Using certificates for shared hosting accounts.

Posted: Fri Jun 05, 2009 12:06 pm
by mikemike
That'd be handy. Lazy swines.