SSL wildcard domains problem

SSL wildcard domains problem

Hello all,

I have a problem understanding ssl certificates. I needed to replace currently owned self signed ssl certificates with the ones from trusted authority. I am working in a university and it has some policies of getting them. I found in a direct admin forum how to generate request:

Code:

  /usr/bin/openssl genrsa 2048 > /root/private.key
  /usr/bin/openssl req -new -key /root/private.key > /root/private.csr


for cn I used more than one domain e.g.
*.subdomain1.domain.com
*.subdomain2.domain.com
*.subdomain3.domain.com
Please note that I am using wildcards as well, cause different resellers are using different subdomain pool.
then department responsible for ssl certificates signed certificate and sent me two files –
cert-trusted.crt
chain-trusted.crt

I copied a key and crt files to /etc/httpd/conf/ssl.crt/ and /etc/httpd/conf/ssl.key/
I followed one tutorial in this forum copying the content of key and crt files to
/usr/local/directadmin/conf/cacert.pem
/usr/local/directadmin/conf/cakey.pem
i am not sure if I did that correctly but chain crt i copied to
/usr/local/directadmin/conf/carootcert.pem
I edited also /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf file specifying correct certificates
when I create a user, in a /usr/local/directadmin/data/users/user1/httpd.conf i see ssl section:

Code:

        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/cert-trusted.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/cert-trusted.key
        SSLCertificateChainFile /etc/httpd/conf/ssl.crt/chain-trusted.crt
        SSLCACertificateFile /etc/httpd/conf/ssl.crt/cert-trusted.crt


so here is the problem, when I try to access https://subdomain3.domain.com through firefox I am getting "This Connection is Untrusted" warning on which details I am being told –

Code:

subdomain3.domain.com uses an invalid security certificate.
The certificate is only valid for subdomain1.domain.com
(Error code: ssl_error_bad_cert_domain)


I have been trying to look for how to replace self signed certificates with trusted one which would be used by any site created through DA panel and understand the mechanics of how chain ssl crt works, however unsuccessfully. So I was wondering maybe anybody could give me some tips of how to do it?
Thank you
Simonas

Comments are closed.