Some Relevant History of https AltNames



This section needs more authoritative references, and currently makes a few dubious statements.

Perhaps this section is mostly apologetics(sic) for having developed the practice of maintaining many Subject Alternative Names on single https certificates.

The https protocol was changed a few years back so that a single IP address could properly support multiple encryption certificates.

Prior to that, a single IP address would necessarily need to use one particular certificate (public key with additional information) as the basis of the encryption.

To avoid needing a separate IP address for each desired named server, the practice of using more than one (often many) Subject Alternative Names was developed.

This is arguably becoming deprecated, at least for https. (But note that the past practice of using the common name in the certificate as something relevant to the connection is also definitely deprecated; in general now, you want to aim for a certificate with only a single Alternative Name, or perhaps merely a few convenience aliases such as www.domain.) The work of determining which certificate to use should be done in the browser virtual host setup. This will simplify certificate maintenance (assuming certbot can be used), and should also make the virtual hosts more independently transportable to different physical servers.

-- AdrianPepper - 20 Oct 2021
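
An added example (not part of the original page): a small Python audit that sorts a certificate's names into the three cases the section describes, common name only, one site with a www alias, or several unrelated sites sharing one certificate, and groups the Subject Alternative Names into the per-virtual-host certificates the last paragraph recommends. The sample certificates are constructed, and `audit`, `split_plan` and `site_key` are hypothetical helpers, not part of certbot or any library.

```python
# Added example: sample certificates are constructed, in the dict shape
# returned by Python's ssl.SSLSocket.getpeercert().
SHARED = {"subject": ((("commonName", "alpha.example.org"),),),
          "subjectAltName": (("DNS", "alpha.example.org"),
                             ("DNS", "www.alpha.example.org"),
                             ("DNS", "beta.example.net"),
                             ("DNS", "gamma.example.com"))}
SINGLE = {"subject": ((("commonName", "example.org"),),),
          "subjectAltName": (("DNS", "example.org"), ("DNS", "www.example.org"))}
LEGACY = {"subject": ((("commonName", "legacy.example.org"),),)}  # no SAN at all


def san_dns_names(cert):
    """DNS entries of subjectAltName, lower-cased, in certificate order."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def common_name(cert):
    """The subject's commonName, or None if absent."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value.lower()
    return None


def site_key(name):
    """Fold the www. convenience alias onto the name it aliases."""
    return name[4:] if name.startswith("www.") else name


def split_plan(cert):
    """Group SAN names by site: one entry per certificate that a
    per-virtual-host layout would need (hypothetical helper)."""
    plan = {}
    for name in san_dns_names(cert):
        plan.setdefault(site_key(name), []).append(name)
    return plan


def audit(cert):
    """Classify the certificate's naming: cn-only, single-site or multi-site."""
    if not san_dns_names(cert):
        return "cn-only"      # relies on the deprecated common-name matching
    return "single-site" if len(split_plan(cert)) == 1 else "multi-site"


if __name__ == "__main__":
    for label, cert in (("shared", SHARED), ("single", SINGLE), ("legacy", LEGACY)):
        print(label, audit(cert), split_plan(cert), common_name(cert))
```

Each key of `split_plan` corresponds to one virtual host that would get its own certificate; a `multi-site` result marks a certificate that could be split that way.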



Topic revision: r1 - 2021-10-20 - AdrianPepper