SSL port multiplexer (SSH, OpenVPN, HTTPS on one port)
torriem at gmail.com
Wed Aug 16 20:11:30 MDT 2017
On 08/16/2017 01:49 PM, Lonnie Olson wrote:
> On Wed, Aug 16, 2017 at 1:28 PM, Michael Torrie <torriem at gmail.com> wrote:
>> If you need to have more than one name (hostname) on a certificate, the
>> mechanism is the "subject alternate name" field. This is supported by
>> most browsers, most ssl clients, and you can sign such certs using Let's
>> Encrypt, which supports SAN. Not all registrars let you sign a cert with
> Considering that Google Chrome specifically requires a SAN on certificates ,
> I imagine that all certificate authorities support SANs.
> 1. https://support.google.com/chrome/a/answer/7391219?hl=en
Good to know. At one time a free cert provider (now defunct and has been
dropped from all major browsers) would certainly not sign a cert with
more than one SAN for sure.
I suppose if I were big brother and were trying to track down illicit
internet use I probably would look at the cert and see if the SANs
listed any suspicious hostnames like vpn!
More information about the PLUG