Hi Tim, the CommonName (CN) or subjAltName in X.509 certificates are interpreted very strictly. That means that *.example.com will match foo.example.com and bar.example.com but not foo.bar.example.com because the latter has 4 components in the FQDN while the X.509 certificate only allows 3 components, the first of which is a wildcard.
If you change the hostname of your Graylog web interface to graylog1.timsdomain.com or graylog1-internal.timsdomain.com, it should work as expected. Cheers, Jochen On Thursday, 10 September 2015 10:01:54 UTC+2, Tim Burke wrote: > > > <https://lh3.googleusercontent.com/-fmBnCN1SWR0/VfCNW_TGd4I/AAAAAAAASmc/P-8UzV27PW8/s1600/Screen%2BShot%2B2015-09-09%2Bat%2B15.48.42.png> > > Installed a wildcard ssl cert from GoDaddy on a Graylog all-in-one OVA > I've been playing with. Cert looks to be accepted fine, but when browsing > via SSL I get a cname mismatch. The wildcard SSL is *.timsdomain.com. The > Graylog box is Graylog1.internal.timsdomain.com. The common name served > from Graylog in SSL sessions is *.timsdomain.com where it should be > Graylog1.internal.timsdomain.com. I've looked at every conf file and > everywhere else I could think of, with no luck. Any ideas? > > > > <https://lh3.googleusercontent.com/-376FO_9jaF4/VfCM3nEY5rI/AAAAAAAASmM/E7YL2quFlIU/s1600/Screen%2BShot%2B2015-09-09%2Bat%2B15.43.52.png> > > <https://lh3.googleusercontent.com/-JNn7il-emIw/VfCM6gMl4DI/AAAAAAAASmU/kzsRM7N41Gs/s1600/Screen%2BShot%2B2015-09-09%2Bat%2B15.43.44.png> > > > <https://lh3.googleusercontent.com/-fmBnCN1SWR0/VfCNW_TGd4I/AAAAAAAASmc/P-8UzV27PW8/s1600/Screen%2BShot%2B2015-09-09%2Bat%2B15.48.42.png> > > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1de69a45-d85f-45de-999b-54647ae5d627%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
