I have a problem understanding ssl certificates. I needed to replace currently owned self signed ssl certificates with the ones from trusted authority. I am working in a university and it has some policies of getting them. I found in a direct admin forum how to generate request:
/usr/bin/openssl genrsa 2048 > /root/private.key
/usr/bin/openssl req -new -key /root/private.key > /root/private.csr
for cn I used more than one domain e.g.
Please note that I am using wildcards as well, cause different resellers are using different subdomain pool.
then department responsible for ssl certificates signed certificate and sent me two files –
I copied a key and crt files to /etc/httpd/conf/ssl.crt/ and /etc/httpd/conf/ssl.key/
I followed one tutorial in this forum copying the content of key and crt files to
i am not sure if I did that correctly but chain crt i copied to
I edited also /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf file specifying correct certificates
when I create a user, in a /usr/local/directadmin/data/users/user1/httpd.conf i see ssl section:
so here is the problem, when I try to access https://subdomain3.domain.com through firefox I am getting "This Connection is Untrusted" warning on which details I am being told –
subdomain3.domain.com uses an invalid security certificate.
The certificate is only valid for subdomain1.domain.com
(Error code: ssl_error_bad_cert_domain)
I have been trying to look for how to replace self signed certificates with trusted one which would be used by any site created through DA panel and understand the mechanics of how chain ssl crt works, however unsuccessfully. So I was wondering maybe anybody could give me some tips of how to do it?