[pubcookie-users] Wildcard Certificates under PubCookie 3.2.1
Nathan Dors
dors at cac.washington.edu
Tue Jun 21 09:27:52 PDT 2005
I don't think the keyclient handles wildcard certificates from the
keyserver, unless ... well, it looks like you might be able to use
the login_host variable like this:

# ssl config
ssl_key_file: /etc/httpd/conf/ssl.key/server.key
ssl_cert_file: /etc/httpd/conf/ssl.crt/server.crt

# keyclient-specific config
keymgt_uri: https://devbox.burgiss.com:2222
ssl_ca_file: /etc/httpd/conf/ssl.crt/ca-bundle.crt
login_host: *.burgiss.com

And even that's doubtful. I think where we intended to support
wildcards is in the certificate presented to the keyserver.
-Nathan
On Mon, 20 Jun 2005, Andy Fundinger wrote:
> I saw some debate in the archives about whether wildcards should work,
> what is the current answer? I'm getting an error from keyclient:
>
> certificate presented isn't the key server: *.burgiss.com !=
> devbox.burgiss.com
>
> And keyserver is logging (level 3):
>
> Jun 20 18:51:33 devbox keyserver[28258]: SSL_read() failed
>
> Any ideas?
>
> Andy Fundinger
>
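
The keyclient error quoted above reports the certificate name and the keyserver host as unequal. As an added example (not Pubcookie's code and not from either poster), the C sketch below contrasts an exact name comparison with a wildcard-aware one in which "*." stands for exactly one leftmost label, the rule described in RFC 6125. The function names are hypothetical, and devbox.example.org is a constructed input.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Exact, case-insensitive comparison: a wildcard name never equals a host. */
static int name_matches_exact(const char *cert_name, const char *host)
{
    return strcasecmp(cert_name, host) == 0;
}

/* Wildcard-aware comparison (hypothetical helper): "*." may stand for
 * exactly one leftmost label and never spans a dot. Requiring two labels
 * after the wildcard is a common hardening rule that rejects "*.com". */
static int name_matches_wildcard(const char *cert_name, const char *host)
{
    const char *suffix, *host_rest;

    if (strncmp(cert_name, "*.", 2) != 0)
        return name_matches_exact(cert_name, host);

    suffix = cert_name + 1;              /* e.g. ".burgiss.com" */
    if (strchr(suffix + 1, '.') == NULL) /* reject "*.com" */
        return 0;
    if (strchr(suffix + 1, '*') != NULL) /* only one wildcard allowed */
        return 0;

    host_rest = strchr(host, '.');       /* first dot in the host name */
    if (host_rest == NULL || host_rest == host)
        return 0;                        /* no dot, or empty first label */

    return strcasecmp(host_rest, suffix) == 0;
}

int main(void)
{
    /* Constructed inputs; the first two names come from the thread. */
    const char *cert = "*.burgiss.com";
    const char *hosts[] = { "devbox.burgiss.com", "burgiss.com",
                            "a.devbox.burgiss.com", "devbox.example.org" };
    size_t i;

    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-22s exact=%d wildcard=%d\n", hosts[i],
               name_matches_exact(cert, hosts[i]),
               name_matches_wildcard(cert, hosts[i]));
    return 0;
}
```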