为什么没有子域的站点允许使用通配符证书?
0 security ssl ssl-certificate
*.company.com的通配符证书不应对company.com有效.但familysearch.org使用通配符证书*.familysearch.org.
Chrome,Firefox,IE,wget和curl都没有抱怨它.为什么?有趣的是,cfhttp确实抱怨.谁是对的?
卷曲片段:
* Server certificate:
* subject: C=US; postalCode=84150; ST=Utah; L=Salt Lake City; street=50 East North Temple Street; O=Intellectual Reserve Inc.; OU=PremiumSSL Wildcard; CN=*.familysearch.org
* start date: 201
* expire date: 201
* subjectAltName: familysearch.org matched
* issuer: C=G
* SSL certificate verify ok.
Chrome屏幕截图:
cfhttp错误:
Charset [empty string]
ErrorDetail I/O Exception: Name in certificate `*.familysearch.org' does not match host name `familysearch.org'
Filecontent Connection Failure
Header [empty string]
Mimetype Unable to determine MIME type of file.
Responseheader struct [empty]
Statuscode Connection Failure. Status code unavailable.
Text YES