SSL wildcard domains problem

SSL wildcard domains problem

Hello all,

I have a problem understanding ssl certificates. I needed to replace currently owned self signed ssl certificates with the ones from trusted authority. I am working in a university and it has some policies of getting them. I found in a direct admin forum how to generate request:


  /usr/bin/openssl genrsa 2048 > /root/private.key
  /usr/bin/openssl req -new -key /root/private.key > /root/private.csr

for cn I used more than one domain e.g.
Please note that I am using wildcards as well, cause different resellers are using different subdomain pool.
then department responsible for ssl certificates signed certificate and sent me two files –

I copied a key and crt files to /etc/httpd/conf/ssl.crt/ and /etc/httpd/conf/ssl.key/
I followed one tutorial in this forum copying the content of key and crt files to
i am not sure if I did that correctly but chain crt i copied to
I edited also /usr/local/directadmin/data/templates/custom/virtual_host2_secure.conf file specifying correct certificates
when I create a user, in a /usr/local/directadmin/data/users/user1/httpd.conf i see ssl section:


        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/cert-trusted.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/cert-trusted.key
        SSLCertificateChainFile /etc/httpd/conf/ssl.crt/chain-trusted.crt
        SSLCACertificateFile /etc/httpd/conf/ssl.crt/cert-trusted.crt

so here is the problem, when I try to access through firefox I am getting "This Connection is Untrusted" warning on which details I am being told –

Code: uses an invalid security certificate.
The certificate is only valid for
(Error code: ssl_error_bad_cert_domain)

I have been trying to look for how to replace self signed certificates with trusted one which would be used by any site created through DA panel and understand the mechanics of how chain ssl crt works, however unsuccessfully. So I was wondering maybe anybody could give me some tips of how to do it?
Thank you

Comments are closed.