[OFB Cafe] SSL

[Kris Deugau]

Derek Broughton wrote:
> I'm no expert on certificates, but I thought it shouldn't matter.  aiui, you 
> purchase a certificate for a domain, and then you can use that as the 
> authority for any number of certificates you want to create.

Nope, that costs *big* bucks.

See here, for instance:

http://www.geotrust.com/products/ssl_certificates/georoot.asp

I haven't looked at the bare technical requirements for chaining
certificates like that (never mind the requirements Geotrust imposes as
above), but I would guess the certificate has to be set up in a very
specific way that is very different for how an endpoint single-hostname
or wildcard cert is set up.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!