On Wed, Nov 09, 2005 at 12:08:19PM +0100, Maarten Litmaath, CERN wrote:
> On Wed, 9 Nov 2005, Kristof Doms wrote:
>
> > because the certificates get checked by their hostnames, would it be
> > possible to have 2 canonical DNS names sharing the same IP-address and
> > still be OK for the certificate check.
>
> No. Globus will do a reverse DNS lookup of the IP address, which shall
> result in a single canonical hostname, which shall appear in the host
> certificate.
Hmm, I never tried it (with globus) but you might get it working if you
add all hostnames in openssl.cnf (or whatever globus uses).
subjectAltName=DNS:name1.domain,DNS:name2.domain,DNS:name3.someotherdomain
Cheers,
Kostas Georgiou
|