Open SSL multiple hosts?

dunnma

5:47 pm on Mar 1, 2011 (gmt 0)


So I have been trying to install an SSL certificate from NetSol for 2 days now. Every time I install it, the browsers balk at it, saying it is for a different domain.

So I want to have an ssl certificate for "secure.domain.com" but the browsers are saying it is issued for "www.domain2.com"

www.domain2.com is the FQDN in the hosts file. I have tried temporarily changing it to be domain 1, but that did not work.

Here is the command I have been running to this point. Can someone please tell me what I need to modify so that this will work? Basically I never enter "www.domain2.com" during this process, but once I get the .crt back from NetSol, it says the browsers throw that error.

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr


Thanks for the help

bakedjake

5:54 pm on Mar 1, 2011 (gmt 0)


So when it asks you for a common name, what do you enter?

dunnma

5:57 pm on Mar 1, 2011 (gmt 0)


I enter "secure.domain.com".

bakedjake

6:49 pm on Mar 1, 2011 (gmt 0)


Can you type out the error you're getting in your browser word for word?

Something doesn't make sense...

dunnma

6:58 pm on Mar 1, 2011 (gmt 0)


Firefox says:

secure.domain1.com uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for www.domain2.com

(Error code: sec_error_untrusted_issuer)


I moved the 3 .crt files and the Apache_Plesk.txt file to a folder on my server. I then installed the following in my .conf:


<VirtualHost *:443>
ServerName secure.domain1.com
SSLEngine on
SSLCertificateFile /etc/ssl/domain1.com/SECURE.DOMAIN1.COM.crt
SSLCertificateKeyFile /etc/ssl/domain1.com/server.key
SSLCertificateChainFile /etc/ssl/domain1.com/Apache_Plesk_Install.txt

DocumentRoot /var/www/html/domain1.com/html
</VirtualHost>


This SSL is a Network Solutions Express SSL.

Thanks for all the help.

dunnma

7:02 pm on Mar 1, 2011 (gmt 0)


I should probably also add that I have dozens of domains on this box, but there is only one in the hosts file (www.domain2.com). All of the rest are just set up in the .conf file.

kingster

6:48 pm on Mar 2, 2011 (gmt 0)


Does the domain that needs to be done via SSL have a unique IP, one that isn't being shared with any other domain using SSL?

If you have more than one domain that uses SSL, then you need to have a different IP address for the domains to run on.

dunnma

10:49 pm on Mar 2, 2011 (gmt 0)


Thank you for getting back with me. Actually that is sort of the problem.

I changed it to <VirtualHost IP:443/> and it works now. This is the only SSL on the machine.

As it turns out, the problem is primarily OpenSSL. I am running CentOS and the only package available for it is 0.9.8e. From what I have been reading, 0.9.8k actually addresses the name-based problem and I could have left it at <VirtualHost *:443/>.

The only problem now is that apparently there are no packages like that (although several are looking for them). For now though I am good to go. In the future if I do another SSL I will either need to add additional IPs to the server or I will need to upgrade openssl (which is what I would ultimately like to do).

Thanks for the help everyone.
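
The Firefox error quoted in the thread reports a certificate that is self-signed and valid only for www.domain2.com. The following is an added example, not code from any poster in this thread, that checks a certificate file offline for those properties: subject name, self-issued status, and whether the private key belongs to it. The function names and the generated demo files are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: offline checks on certificate files before Apache is pointed at them.
# Function names and the files generated below are constructed for this demo.

# Subject CN of a PEM certificate. Current browsers match subjectAltName;
# the CN is checked here because that is the field the thread's CSR sets.
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# True when subject and issuer are the same name (reported as "self-signed").
is_self_issued() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the private key belongs to the certificate (same public key).
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
    "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# usage: check_cert CERT KEY EXPECTED_NAME ; prints findings, returns 1 on any.
check_cert() {
  local rc=0 cn
  cn=$(cert_cn "$1")
  [ "$cn" = "$3" ] || { echo "CN is '$cn', expected '$3'"; rc=1; }
  if is_self_issued "$1"; then echo "self-issued, not a CA-signed certificate"; rc=1; fi
  key_matches_cert "$1" "$2" || { echo "private key does not match certificate"; rc=1; }
  return "$rc"
}

# Constructed stand-ins: a default self-signed certificate for www.domain2.com
# and an unrelated key, as generated alongside a CSR for secure.domain1.com.
DEMO=$(mktemp -d)
openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=www.domain2.com" \
  -keyout "$DEMO/default.key" -out "$DEMO/default.crt" 2>/dev/null
openssl genrsa -out "$DEMO/server.key" 2048 2>/dev/null

check_cert "$DEMO/default.crt" "$DEMO/server.key" secure.domain1.com || true
```

Run against the files named in `SSLCertificateFile` and `SSLCertificateKeyFile`, a clean result means the files themselves are right and the mismatch comes from which virtual host answered the request.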