Bad SSL cert on pqm.bazaar-vcs.org
John Arbash Meinel
john at arbash-meinel.com
Wed Apr 4 15:15:16 BST 2007
Aaron Bentley wrote:
> The SSL certificate for https://pqm.bazaar-vcs.org is not valid. It
> only applies to *.canonical.com hostnames.
>
> We could fix this by
> 1. Not using https. This is my preference.
> 2. Using a canonical.com hostname. For example, bazaar-pqm.canonical.com
> 3. Getting an SSL certificate for bazaar-vcs.org.
>
> I don't see a need for https, so 1 seems good and 3 seems unwarranted.
> 2 would also be fine with me.
>
> Aaron
I'm not sure why we are using SSL. I like using it when possible, but I
can agree that it isn't really needed for this site.
I believe the #1 reason it is failing is because multiple sites are
being hosted on the same machine:
$ host pqm.bazaar-vcs.org
pqm.bazaar-vcs.org has address 82.211.81.135
$ host pqm.ubuntu.com
pqm.ubuntu.com has address 82.211.81.135
$ host pqm.launchpad.net
pqm.launchpad.net has address 82.211.81.135
And while Apache is happy to serve multiple sites from the same IP, you
can only have 1 SSL certificate for them. (Because the SSL negotiation
is long before the client gets a chance to let the server know what host
it thinks it is connecting to).
So to do (3), they would need a new IP address (and another network card?).
2) would only make sense to me if they were doing the same thing for
ubuntu-pqm.canonical.com, etc.
John
=:->
More information about the bazaar
mailing list