
[cobalt-users] [RAQ4r] SSL certificate not for main site name & possibly DNS



Hi,

Perhaps you can help brighten up a wet & grey London day for me!

My ISP has given me a Thawte certificate. I visited Thawte's site and got the
thing but it has been generated for secure.mydomain.com whereas my actual
address is www.mydomain.com. So I've set up secure.mydomain.com as its own
virtual site via the GUI on the same IP address as the www.mydomain.com.

I have read several posts in the archive regarding SSL so I'm feeling pretty
confident I understand the basics, such as I know there can be only one cert
per IP number and despite that the certificate is for the fully qualified
domain name.

So in a nutshell this is what I've done:
got the cert from Thawte
set up a new site for secure.mydomain.com
went to SSL
pasted in cert
chose use manually entered cert.
Got an error, can't remember the exact phrase, but said basically a
certificate didn't exist
So I generated my own,
then once again pasted in the Thawte cert, this time I got the error
"The provided certificate does not match the private key."

Hmmm. What private key? I didn't send them anything, I got a present from my
ISP so what am I to do? Go over to my ISP cap-in-hand, or to the nice people
at Thawte to beg for another or is there something I can do?

Additionally I've assumed that I'd need DNS to reach secure.mydomain.com so
I've enabled DNS and have added A records for:
mydomain.com		xxx.xxx.xx.xx
www.mydomain.com		xxx.xxx.xx.xx
secure.mydomain.com	xxx.xxx.xx.xx
all at the same IP address.

I didn't check "Automatic Reverse Address Record Generation" in any case.
(Should I?)

I also added MX records, for mydomain.com and www.mydomain.com.

The Primary Name Server (NS) Host Name for the SOA is www.mydomain.com.
There isn't a Secondary Name Server.

Now if I go to http://www.mydomain.com everything is as before.
If I try https://www.mydomain.com/ I got a warning about the certificate
(which is okay as the cert is for secure.mydomain.com)
If I try either http://secure.mydomain.com or https://secure.mydomain.com I
get a "The page cannot be displayed" error.

So does a new DNS record take a while to work or more likely have I got
something wrong...? BTW if you do a trace route to my server it comes up as
server1.mydomain.com.

Another concern is that I would ideally like the admin facility on the main
site to be secure; so could I just add "secure.mydomain.com" to the Web
server alias on the GUI for www.mydomain.com rather than have a separate
virtual site for secure.mydomain.com? Would that have been the better way to
have approached this anyway?

Thanks in advance for your time and help.

Kind regards,
Liam DelaHunty
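
Added example, not part of the original post: the "does not match the private key" error quoted above can be checked outside the GUI by comparing the public key inside the certificate with the one derived from the private key. The file names are hypothetical, keys are assumed to be unencrypted PEM, and a locally generated self-signed certificate stands in for a CA-issued one.

```bash
#!/usr/bin/env bash
# Added example. A certificate is bound to the key pair whose public half was
# in the signing request, so it installs only next to that private key.

# cert_matches_key CERT.pem KEY.pem
# returns 0 = same key pair, 1 = different key pair, 2 = a file could not be read
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes an encrypted key fail instead of prompting
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_sample_files DIR: constructed test data, generated locally.
#   issued.key / issued.crt : key pair behind the request and its certificate
#   server.key              : a fresh key generated later on the web server
make_sample_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=secure.mydomain.com" \
        -keyout "$1/issued.key" -out "$1/issued.crt" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/server.key" 2>/dev/null
}

demo() {
    local d
    d=$(mktemp -d) || return 2
    make_sample_files "$d" || { rm -rf "$d"; return 2; }
    cert_matches_key "$d/issued.crt" "$d/issued.key" &&
        echo "issued.crt + issued.key: match"
    cert_matches_key "$d/issued.crt" "$d/server.key" ||
        echo "issued.crt + server.key: no match (status $?)"
    rm -rf "$d"
}

demo
```

A status of 1 means the certificate was issued for a different key pair than the one on the server, which is the situation the quoted error message reports.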