Some resources are only available only via HTTPS. Previously we used a
wildcard certificate, I can't swear that it was ever tested as
working, but we weren't getting any complaints.
Recently browser security has been tightened and RFC 6125 has appeared
and been implemented and proxing of https resources with a naive
wildcard cert no longer works (we're getting complaints and are able
to duplicate the issues).
At https://security.stackexchange.com/questions/10538/what-certificates-are-needed-for-multi-level-subdomains
there is an interesting solution with multiple wildcards in the same
cert:
foo.com
*.foo.com
*.*.foo.com
...
There is also the possibility that we can just grep the logs for every
machine name ever accessed and generate a huge list.
Has anyone tried these options? Successes? Failures? Thoughts?
cheers
stuart
--
...let us be heard from red core to black sky
|