[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] [RAQ4r] SSL certificate not for main site name & possibly DNS

Hi,
Sounds like you've done this completely in the wrong order!
The normal way is to first generate the site key, then either you or your
ISP give this to Thawte, and from this they  generate the other part which
you paste onto your GUI.
I'm not sure just how your ISP would have given a site key to Thawte as this
is uniquely generated by the Raq's internal software. If you they did this
part and then you re-did it you have lost the site key and as far as I know
the  certificate is now scrap.

The user guide for the Raq is really easy and well explained to follow on
this area.

Phil

http://www.diygear.com THE Online DIY Toolstore For DIY & Business
Infolink Electronic Systems Ltd. Suppliers of:- PC based Computer Systems,
Peripheral & Hardware, Plus Web Design & Cobalt Raq4 Hosting Solutions
Contact the Sales desk at  infolink@xxxxxxxxxxxxxxx or Tel 0121 458 4894
(office) 0121 441 3558 (home)

> Hi,
>
> Perhaps you can help brighten up a wet & grey London day for me!
>
> My ISP has given me a Thawte certificate, I visited Thwates site
> and got the
> thing but it has been generated for secure.mydomain.com where as my actual
> address is www.mydomain.com. So I've set up secure.mydomain.com
> as it's own
> virtual site via the GUI on the same IP address as the www.mydomain.com
>
> I have read several posts in the archive regarding SSL so I'm
> feeling pretty
> confident I understand the basics, such as I know there can be
> only one cert
> per IP number and despite that the certificate is for the fully qualified
> domain name.
>
> So in a nutshell this is what I've done:
> got the cert from Thawte
> set up a new site for secure.mydomain.com
> went to SSL
> pasted in cert
> chose use manually entered cert.
> Got a error, can't remember the exact phrase, but said basically a
> certificate didn't exist
> So I generated my own,
> then once again pasted in the Thawte cert, this time I got the error
> "The provided certificate does not match the private key."
>
> Hmmm. What private key? I didn't send them anything, I got a
> present from my
> ISP so what am I to do? Go over to my ISP cap-in-hand, or to the
> nice people
> at Thawte to beg for another or is there something I can do?
>
> Additionally I've assumed that I'd need DNS to reach
> secure.mydomain.com so
> I've enabled DNS and have added A records for:
> mydomain.com		xxx.xxx.xx.xx
> www.mydomain.com		xxx.xxx.xx.xx
> secure.mydomain.com	xxx.xxx.xx.xx
> all at the same IP address.
>
> I didn't check "Automatic Reverse Address Record Generation" in any case.
> (Should I?)
>
> I also added MX records, for mydomain.com and www.mydomain.com.
>
> The Primary Name Server (NS) Host Name  for the SOA is www.mydomain.com.
> There isn't a Secondary Name Server.
>
> Now if I go to http://www.mydomain.com everything is as before.
> If I try https://www.mydomain.com/ I got a warning about the certificate
> (which is okay as the cert is for secure.mydomain.com)
> If I try either http://secure.mydomain.com or
https://secure.mydomain.com I
get a "The page cannot be displayed" error.

So does a new DNS record take a while to work or more likely have I got
something wrong...? BTW if you do a trace route to my server it comes up as
server1.mydomain.com.

Another concern is that I would ideally like the admin facility on the main
site to be secure; so could I just add "secure.mydomain.com" to the Web
server alias on the GUI for www.mydomain.com rather than have a separate
virtual site for secure.mydomain.com? Would that have been the better way to
have approached this anyway?

Thanks in advance for your time and help.

Kind regards,
Liam DelaHunty

_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users