W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: SNI Support

From: bergi <bergi@axolotlfarm.org>
Date: Fri, 29 Apr 2011 00:56:33 +0200
Message-ID: <4DB9F0A1.7010801@axolotlfarm.org>
To: Andrei Sambra <andrei@fcns.eu>
CC: Henry Story <henry.story@bblfish.net>, WebID XG <public-xg-webid@w3.org>
Andrei, I would expect that your server doesn't use SNI, because your
certificate uses the common name *.fcns.eu. I think the IE had/has
problems with wildcard common names. Perhaps also safari doesn't like
these certificates. You are already using the alternative name for
fcns.eu. You could try to add your other subdomains to avoid problems.

SNI at all is a big topic for the WebID acceptance. For a real decentral
social network WebID must also reach small installations which are
currently using shared hosting services. The alternative name of the
certificate is workaround which works for servers like the one I am
sharing with some friends. But this requires a single owner of all
domains on the same IP. Clearly this doesn't work for shared hosting
services.

Am 28.04.2011 23:58, schrieb Andrei Sambra:
> I just opened a ticket with my hosting provider. It looks like the CA
> bundle file is not loaded (ignored). This file contains the certificate
> of the intermediary CA (AlphaSSL). However, I'm not entirely sure that
> this is the cause of your problems, Henry.
> 
> Andrei
> 
> 
> On Thu, 2011-04-28 at 23:33 +0200, Henry Story wrote:
> 
> 
>> Yes, that is very useful to know. If I understand correctly
>> https://openid4.me/ runs with SNI. Andrei does https://auth.fcns.eu/
>> also run SNI?
>>
> 
> 
> 
> 
> 
Received on Thursday, 28 April 2011 22:56:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC