# File common/lib/symbiosis/domain/ssl.rb, line 295
    def ssl_verify(certificate = self.ssl_x509_certificate, key = self.ssl_key, store = self.ssl_certificate_store, strict_checking=false)

      #
      # Firstly check that the certificate is valid for the domain or one of its aliases.
      #
      unless ([self.name] + self.aliases).any? { |domain_alias| OpenSSL::SSL.verify_certificate_identity(certificate, domain_alias) }
        msg = "The certificate subject is not valid for this domain #{self.name}."
        if strict_checking
          raise OpenSSL::X509::CertificateError, msg
        else
          warn "\t#{msg}" if $VERBOSE
        end
      end

      # Check that the certificate is current
      # 
      #
      if certificate.not_before > Time.now 
        msg = "The certificate for #{self.name} is not valid yet."
        if strict_checking
          raise OpenSSL::X509::CertificateError, msg
        else
          warn "\t#{msg}" if $VERBOSE
        end
      end

      if certificate.not_after < Time.now 
        msg = "The certificate for #{self.name} has expired."
        if strict_checking
          raise OpenSSL::X509::CertificateError, msg
        else
          warn "\t#{msg}" if $VERBOSE
        end
      end

      # Next check that the key matches the certificate.
      #
      #
      unless certificate.check_private_key(key)
        raise OpenSSL::X509::CertificateError, "The certificate's public key does not match the supplied private key for #{self.name}."
      end
     
      # 
      # Now check the signature.
      #
      # First see if we can verify it using our own private key, i.e. the
      # certificate is self-signed.
      #
      if certificate.verify(key)
        puts "\tUsing a self-signed certificate for #{self.name}." if $VERBOSE

      #
      # Otherwise see if we can verify it using the certificate store,
      # including any bundle that has been uploaded.
      #
      elsif store.is_a?(OpenSSL::X509::Store) and store.verify(certificate)
        puts "\tUsing certificate signed by #{certificate.issuer.to_s} for #{self.name}" if $VERBOSE

      #
      # If we can't verify -- raise an error if strict_checking is enabled
      #
      else
        msg =  "Certificate signature does not verify for #{self.name} -- maybe a bundle is missing?"
        if strict_checking
          raise OpenSSL::X509::CertificateError, msg
        else
          warn "\t#{msg}" if $VERBOSE
        end
      end

      true
    end