[jdev] virtual hosting and certificate checking

JD Conley jd.conley at coversant.net
Wed Mar 1 12:50:56 CST 2006

> address. Naturally we'll need to clarify this in rfc3920bis, but my
> question now is: how do existing clients and servers handle this?

We do this on the server side with a separate cert for each domain --
even conference, users, and other sub-domains used in s2s. Some client
software packages present a warning when certificates aren't correct
(domain mismatch, etc) but many do not and just use the certificates for
encryption, not authentication.

-JD Conley

More information about the JDev mailing list