Figure 40 - OU
Here the Common Name is the FQDN of Jetdirect but there is additional information provided in the Organizational Units (OU). This same approach could be used for server farms where there would be several certificates with the same FQDN but differing in their OU values so that they will have separate public/private key pairs and provide better security over a single private key distributed to many servers. However, if the customer is cost sensitive to new SSL certificates, they may wish to take the risk on the private key being stored on multiple machines.
With Virtual Hosting, you have the opposite problem: Many names but only one IP address. This causes a lot of grief, especially for those customers that have problems with getting a valid IP address as well as those who are cost sensitive and require SSL certificates that can be used on the Internet. Here is an example: Let’s assume that you are running a garage sale site on the Internet that allows clients to sign up and sell the stuff they don’t need that is taking up space in their garage. Each user gets their own domain name. You want to use SSL to provide security. For instance, if the site is “example.com” at 192.168.0.250, each user would have something like this:
•hsimpson.example.com maps to 192.168.0.250
•msimpson.example.com maps to 192.168.0.250
•bsimpson.example.com maps to 192.168.0.250
Each person gets their own SSL certificate that has the SubjectAlternativeName set to their corresponding FQDN. Unfortunately, when “msimpson” and “bsimpson” try to use HTTPS,
87