SSL port multiplexer (SSH, OpenVPN, HTTPS on one port)

Michael Torrie torriem at gmail.com
Wed Aug 16 20:11:30 MDT 2017


On 08/16/2017 01:49 PM, Lonnie Olson wrote:
> On Wed, Aug 16, 2017 at 1:28 PM, Michael Torrie <torriem at gmail.com> wrote:
>> If you need to have more than one name (hostname) on a certificate, the
>> mechanism is the "subject alternate name" field.  This is supported by
>> most browsers, most ssl clients, and you can sign such certs using Let's
>> Encrypt, which supports SAN. Not all registrars let you sign a cert with
>> SANs.
> 
> Considering that Google Chrome specifically requires a SAN on certificates [1],
> I imagine that all certificate authorities support SANs.
> 
> 1. https://support.google.com/chrome/a/answer/7391219?hl=en

Good to know. At one time a free cert provider (now defunct and dropped
from all major browsers) would certainly not sign a cert with
more than one SAN for sure.

I suppose if I were Big Brother and were trying to track down illicit
internet use, I probably would look at the cert and see if the SANs
listed any suspicious hostnames like vpn!

