13 Jun
2003
13 Jun
'03
6:27 a.m.
IE checks the server name against each CN's individually.
I found that by experimentation too. I have VBScript sample on how to generate such a CSR request for IIS using the CryptoAPI. Furthermore, IE does not care if the CNs have different domains. e.g. /CN=www.domain.com/CN=www.domain.net/CN=www.domain.org -or even- /CN=www.domain.com/CN=www.cypherpunks.com/CN=www.microsoft.com You can self-sign such a cert with OpenSSL just fine. Whether you can get a real CA to sign such a thing is another matter. Adam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com