Scott Hanselman

Some Trouble with Wildcard SSL Certificates, FireFox and RFC2818

March 20, '07 Comments [11] Posted in ASP.NET

When working on a non-finance website recently, the client wanted to include the username as the subdomain, to give the user more of a sense of "my site." So, Fred gets https://fred.foo.com as his address.

The client purchased a very expensive (US$500) "Wildcard SSL Certificate" for https://*.foo.com and it works fine.

Some trouble happened when a staging site was introduced. Now we're looking at https://fred.staging.foo.com for the URL.

This works fine in FireFox 2 as seen in this screenshot:

But IE7 really doesn't like it. Your first reaction might be to get mad at IE7, "those jerks! They never follow the spec."

However, according to RFC2818 with emphasis mine (Thanks Eric Lawrence!):

Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.

When I visit *.foo.com with IE7, it works fine, per spec.

My conclusion here is that FireFox 2 is out of spec with RFC2818. I wonder if this is known by the FireFox team? Am I missing something?

In our case, we'll need to either have a wildcard certificate that covers both *.foo.com and *.staging.foo.com (the latter in the SubjectAltName field). If a CA won’t issue us such a certificate for whatever reason, we'll need to buy two different wildcard certificates ($$), and also host staging.foo.com on a different port or IP address, since the Server Name Indication TLS extension is not broadly available at this point, and hence you cannot reliably use two different certificates for the same endpoint. Again, thanks to EricL for helping explain this.
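The RFC 2818 rule quoted above, written out as a label-by-label matcher (an added example, not code from the original post or from any browser). The hostnames and certificate name lists are the post's foo.com examples; rejecting more than one `*` in a label is an assumption of this sketch.

```python
# Added example: RFC 2818 section 3.1 wildcard matching, label by label.
# Hostnames and name lists below are the post's foo.com examples.

def label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; '*' stands for any run of characters
    inside that single label (a "component or component fragment")."""
    if not label:
        return False  # an empty label is never a valid match
    if "*" not in pattern:
        return pattern == label
    if pattern.count("*") > 1:
        return False  # assumption: reject multiple wildcards in one label
    prefix, suffix = pattern.split("*")
    return (len(label) >= len(prefix) + len(suffix)
            and label.startswith(prefix) and label.endswith(suffix))


def name_matches(pattern: str, hostname: str) -> bool:
    """A wildcard never spans a dot, so the label counts must be equal."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def cert_matches(dns_names: list[str], hostname: str) -> bool:
    """Any one dNSName in the certificate matching is acceptable."""
    return any(name_matches(p, hostname) for p in dns_names)


if __name__ == "__main__":
    single = ["*.foo.com"]                     # the purchased wildcard
    both = ["*.foo.com", "*.staging.foo.com"]  # with the extra SubjectAltName
    for host in ("fred.foo.com", "fred.staging.foo.com", "foo.com"):
        print(host, cert_matches(single, host), cert_matches(both, host))
```

The later RFC 6125 is stricter than this matcher: it recommends that clients honour a wildcard only in the left-most label.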

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.


Review: Microsoft LifeCam VX-6000

March 20, '07 Comments [7] Posted in Reviews | Tools

Yes, it's got a silly name. Not the LifeCam part, that's pretty cool actually. The VX-6000 part I could do without.

It clips to the top of your flat panel or laptop. The left side has a retractable mechanism that brings the lens in and out. The Microsoft logo lights up when the camera is on - a nice subtle indicator that you're rolling.

It's a 2MP camera, so that means 1600x1190 max actual pixels. It'll interpolate to 7.6MP but don't be fooled, it's all software. That said, it takes a perfectly fine picture of a whiteboard, so I leave it clipped to my laptop all the time in order to document meetings.

The camera has a decent enough microphone built in, a smidge better than the one built into my laptop. As an alternative, there's a LifeChat ZX-6000 that's the same hardware as the Xbox Wireless Communicator. I just picked up an Xbox Wireless Receiver for Windows for $19 that lets me use the Xbox one to chat on the Windows box. Works fantastic as a team and costs me less.

This is a fantastic little camera and I'm happy with the purchase. I particularly like that it has a wide(r) view aspect so you can see more, rather than the fish-eye kind of lens that so many webcams have these days.


Tiny USB Keychain Drives

March 20, '07 Comments [3] Posted in Tools

I just picked up a few of these super-tiny USB drives as gifts. At US$14.50 for 2 gigs it's a heck of a deal. These are the ones that are smaller than a VERY small stick of gum.

As one of the reviewers on Amazon said: "[If you were] carrying top secret KGB documents on this drive, you could easily swallow it and recover it later with little or no discomfort."

Personally, I've got an OCZ Mini-Kart, but this one is about 40% smaller. When will it end? How much smaller could this possibly be? Probably just the metal contacts by themselves.

The Mini-Kart has been a very good little drive, if a bit slow. The Sony MicroVault is well-thought-of also, and is fast enough for ReadyBoost. The KingMax is now available up to 4GB and is also wicked small. Atwood likes the Transcend, but they are a little slow also.

Here's the lineup: 

 

 

Be sure to encrypt your drives if you store anything sensitive on them! I discussed this and TrueCrypt in my 2006 New Year's Resolution Post.


Vista Sticky Notes and other updated Applets

March 20, '07 Comments [18] Posted in Musings

I was poking around Windows Vista today, seeing if there was anything I missed...here's a few bits of niceness that made me smile. There's a number of updated Applets that are pretty slick, while others haven't changed.

Sticky Notes is meant for use with TabletPCs (or PCs with Wacom Tablets) and includes voice note recording.

They've finally updated Sound Recorder...bummer that the little chart is gone. It saves only WMAs now, not WAVs.

The Clock Applet that comes up when you single-click the time is completely new, with shiny clock art, and the ability to have multiple clocks in different time zones. This is almost worth the price of admission. ;)

Calculator is the same. Lame! They could have done so much!

They did give it a new icon, though. Someone worked hard on that icon, I say.

The On-Screen Keyboard is for accessibility (and I'm sure it will come in useful one day when I have only a mouse and no keyboard and lots of typing to do) but it's not sizable/scaleable, the fonts are poorly anti-aliased, poorly centered, and apparently there wasn't enough room for the "i" in "Shift."

I sure like the Windows Features stuff...makes locking a system down a lot easier when I'm in YAGNI mode.

What other Applets have had makeovers?


How to adjust your side/rear-view mirrors (and why you need 3 monitors)

March 19, '07 Comments [23] Posted in Musings

While I was at the Eleutian offices last week I was impressed at their commitment to the multi-monitor lifestyle. I'm all about the Third Monitor (in case you haven't heard, it's one better than just two monitors) as are others. If you value your time, you should think about getting the widest view possible.

The Dell 30-inch is amazing...they each had a Dell 30" widescreen at 2560x1600 pixels, but they also had what appeared to be two 22" widescreens, rotated and butted up against the 30" so their horizontal working space was 1050+2560+1050=4660 pixels wide. Glorious. I turned them on to (I hope) RealtimeSoft's must-have Ultramon multimonitor tool. They were running x64, and Ultramon has a 64-bit version, so that was cool.

I have a 22" Dell, so I might get another, plus the 30" to achieve this orientation when we build the Ultimate Developer Rig.

A few days later, I hung out with John Lam some, and while we were driving somewhere, he mentioned that he'd taken an Advanced Driving Class with BMW and recommended it to anyone, even folks without German cars. (I drive a little Prius, by the way, and intend to until it dies by the side of the road, at which point I'll get out and continue on walking...)

He said that one of the greatest driving tips they shared that he swears by is radically (to me at least) readjusting the rear-view mirrors on your car to completely remove blind spots.

I'm used to turning my whole head (and body) to look to the left or right when changing lanes. We were taught that the way to adjust your rearview mirrors was to make the side of your car just barely visible in the rearview mirror. I've always taken that orientation of mirrors for granted.

Typical rear-view mirror configuration

Typical rear-view mirror configuration looks something like this (please forgive the Paint.NET-ness of this rough non-vector sketch):

There's a great deal of duplication/overlap between what is seen in the main mirror versus what's in the side-mirrors.

The idea is:

  • Turn the side-view mirrors out so that when a car leaves the view of the center mirror, it's just begun to show up in the side mirror.
  • When the car begins to leave the side mirror - moving up your left side for example - it's just begun to enter your own peripheral vision.

Optimal rear-view mirror configuration

Apparently amongst car enthusiasts a well-adjusted rear-view mirror is a known deal, but it sure turned my life upside-down. It takes a while to get used to, but when you're adjusted correctly, you literally have no blind spots.

Bringing it all back home, this of course, applies to multiple monitors, IMHO. Why not fill your field of vision with as much information as possible...otherwise what might you be missing?


Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.