[Chugalug] Odd EPB Behavior

flushy at flushy.net flushy at flushy.net
Mon Mar 3 22:22:53 UTC 2014


Quoting Dave Brockman <dave at brockmans.com>:

>> I'd have to test that, though.
>
> Does HTTP even do a RDNS lookup?  If you want the cert valid when you
> access via IP address, the IP address needs to be either the CN or in


I just ran a quick test (and you are correct):

[preparation]
create two certs using my CA:

cert1=CN=home-server-name
cert2=CN=192.168.1.1

each server cert is a pair of server.pem and server.key, were key is  
an RSA 1024 bit key.

[server command]
openssl s_server -CAfile cacert.pem -cert server.pem -key server.key  -www -4

[urls]
url1=https://home-server-name:4433/
url2=https://192.168.1.1:4433/

[results]
URL            CERT       RESULT
============== ========== ============
url1           cert1      OK
url2           cert1      WARNING
url1           cert2      WARNING
url2           cert2      OK

--b





More information about the Chugalug mailing list