SSL on download1.rpmfusion.org
Stuart D. Gathman
stuart at gathman.org
Sun Sep 25 01:28:14 CEST 2016
On Sat, 24 Sep 2016, Kevin Kofler wrote:
> Nicolas Chauvet wrote:
>> letsencrypt doesn't provide wildcard, and that will be a different
>> server (so a different cert).
>
> It doesn't allow wildcards, but it allows you to give up to 100 SANs
> (subject alternative names) for a certificate (the canonical one and 99
> more). So you can use the same cert for all *.rpmfusion.org subdomains
> (unless there are more than 100), but of course you don't have to.

They verify all the SANs for free certs by reading a cookie from the
website, and that would be impossible for a wildcard. So the SAN list
is really the only way it could be done for that level of verification.

Also, letsencrypt only signs ICANN domains - mainly because they use
the ICANN root to verify the domains. (I.e. they won't help with .bit
domains among others.)

--
Stuart D. Gathman <stuart at gathman.org>
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.