Hi,

(Maybe I should label this question "How to use a wildcard server
certificate"?).

We bought an SSL server certificate on the domain "*.company.com" in an
intention to use it on several sub-domain hosts.

When trying to fetch from host "xxx.test.company.com", wget gives an error
like:

ERROR: certificate common name `*.company.com' doesn't match requested host
name `xxx.test.company.com'.
To connect to xxx.test.company.com insecurely, use `--no-check-certificate'.

So far I couldn't find an explanation on why this is wrong - I though (based
on what I read in the explanation of the certificate provider) that the
certificate can be used directly by any HTTP server under that domain. This
is also what I get from Googl'ing about this.

I use NameVirtualHost and there is only one web site on this particular
server:

NameVirtualHost xxx.test.company.com:443
<VirtualHost xxx.test.company.com:443>
    SSLEngine on
    SSLCipherSuite HIGH:MEDIUM:EXP:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM:+EXP
    SSLCertificateFile /etc/httpd/certs/_.threatmetrix.com.crt
    SSLCertificateKeyFile /etc/httpd/certs/threatmetrix.com.key
    SSLCertificateChainFile /etc/httpd/certs/gd_intermediate_bundle.crt
..

The server is CentOS 5 and Apache 2.2.3.

Trying to browse this page from Fireforx doesn't pop up any warning.
Browsing from IE 7 on Windows XP gives a warning page with: "The security
certificate presented by this website was issued for a different website's
address"

So what am I missing?

Thanks,

--Amos

Reply via email to