Without having seen the certificate itself to know how it was
created, but using my knowledge of SSL certs I'll see if I can help
clear this up... The certificate does not have to be specific to the
address, but rather to the hostname... Where this can lead to problems
is on dynamic addresses or static ones that resolve differently for
forward and reverse DNS... In this situation the cert should be for the
hostname which can be resolved to an IP address that matches the one
the machine uses... This way if you have to change your IP address of
that machine as long as the hostname is still valid the cert is still
valid...
Unfortunately the server I had setup a test CA and working
with X.509 certs for the various server daemons as well as my IPSec
tunnels crashed, so I don't have that to work from. If you would like
some help off-list for your particular situation I would be glad to
offer whatever assisstance I can provide.
Respectfully,
Jeremy T. Bouse
On Thu, Sep 20, 2001 at 04:31:10PM +0200, Makaveli wrote:
> I've got ipop3d-ssl installed from the Woody archive. All works fine, but
> one thing...
> If I check mail with a Outlook Express Client with SSL than I get an
> "Internet Security Warnig"
> Which says the following:
> The server you are connected to is using a security certificate that does
> not match its internet
> address.
> Do you want to continue using this server.
> [Yes] [No]
>
> If I click on Yes everything goes fine, but I don't like that warning. How
> can I make a certificate
> for my IP address?
>
> I have got two nic's
> Eth0 => internet (212.204.x.x)
> Eth1=> Lan (192.168.x.x)
>
> Thanks in advance
>
> Makaveli
>
