Certificate Signing Request as www not accepted by GeoTrust

Went to renew my EV cert for a domain of mine, but was too late to renew, so I had to start all over with a new CSR and install a new cert. I decided to just go with a QuickSSL Premium this time. I used the www.domainname.com for the common name, but when I went to GeoTrust for the new SSL cert and pasted the new CSR, the warning appeared that www.domainname.com was not the ServerName. The only way I could get past the CSR submission was by dropping the www in the CSR, and submit for domainname.com only. The cert I want to install will cover the sans name of either domainname.com or www.domainname.com, but interworx doesn’t want to play. Interworx simply uses domainname.com as ServerName in the vhost config. Is there a work-around for this, or is this a bug with interworx?

Hi 127.0.0.1

I’m sorry, I just tried our EV cert, and all looks well.

We used domain.url for creation, and it covers www.domain.url as well common so our EV works on both, I just checked to be sure.

Do you mean when you reference your www. it is not correctly showing as secured by your EV?

I believe myself it should as it should not matter if you used www or domain when creating CSR.

Many thanks

John

If you create the CSR with domainname.com, the sans won’t allow the www and serve it securely, but if you do the CSR with www, then you can’t generate the cert. Catch-22. I am no longer on EV. This is a QuickSSL Premium. Don’t know if that matters, but interworx won’t generate a www.domainname.com CSR that is usable by GeoTrust. Make sense? This is what is showing on my SSL screen (notice that no www is specified):

Installed SSL Certificate Overview

Domain: domain.com
Alternate Domains: domain.com
Company:
Issued By: GeoTrust DV SSL CA - G4
Issued On: 2015-01-03 04:03:19
Expires On: 2017-01-07 14:18:54

When I look at my vhost_domain.com.conf file, the www is not in there as ServerName, hence the mismatch error (the www is not found when GeoTrust goes to generate the cert). Why is there no www in vhost?

Hi 127.0.0.1

I am inclined to think this is an issue with quickssl and not IW.

I believe you have no www reference in vhost as it is likely to be a Cname in DNS, pointing to domain.url. Our SSL domains are like this, and no issues from our CA in generating cert.

If quickssl are checking A records, then the easy answer would be to delete your cname and create A record.

I’m sorry, beyond that I have no way to test using quickssl, as we do not use them for SSL, but hopefully another user may post who does use them for SSL

I hope that helps a little

Many thanks

John

Hi 127.0.0.1

I’m sorry, I was on total wrong track, thinking DNS and not apache.

You should have a www in vhost, so why you do not I’m not sure. I will though, check one of my vhost to be 100% sure and if not shown in vhost, post to let you know.

Have you added the www in vhost and tested with geotrust?

Many thanks

John

Yes I have added the www to vhost, but it breaks Siteworx on the SSL page. Weird. In a pink box at the top of the page it shows "You need a dedicated IP to implement SSL". So, by adding a www to vhost, after the fact, iworx doesn’t play well. Sure wish I could get this working because I have some hard-coded legacy script on this site that still uses www in the URLs and throws a browser flag. It would be impractical to try to go in and change all the links to relative links.

Hi 127.0.0.1

Many thanks, and there’s a couple of questions:

What IW version are you using?
Have you turned on SNI (nodeworx, server, settings, towards bottom of page)?

I checked last night against one of our vhost, with SSL and www is shown under the alias header, so I’m thinking if you added you www into vhost and it appears in alias as well, then I would expect a SSL failure.

If you delete your www added and restart httpd, can you reference https://www from a browser correctly?

I suspect you would be able to.

I hope that helps

Many thanks

John

John, thanks. Yeah, the SSL cert had to be reissued by the vendor. All is well now. I had originally requested the cert as a non-www cert. After regenerating the cert using the www, and completely re-doing the cert with the vendor, I was able to get it to work for both www and non-www. Prob was not with iworx.

Hi 127.0.0.1

I’m glad it’s sorted and fully working.

Just a little point, which I think you cannot get sha1 now, but did you generate a sha2 SSL?

If not, I would strongly advise you do, as sha1 will be kicking up warnings very soon.

Sorry if you already knew this.

Many thanks

John
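
Added example, not part of the thread: a bash script using the openssl CLI to check, before a CSR goes to the CA, which hostnames it names (the www / non-www question above) and which hash it is signed with (the sha1 / sha2 point in the last reply). The example.com names and the function names are placeholders chosen for this example, and it assumes OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. example.com names are placeholders.
# Needs OpenSSL 1.1.1 or later (for "req -addext").

# make_csr <common-name> <key-out> <csr-out> [extra SAN hostname ...]
# Builds an RSA-2048 key and a SHA-256-signed CSR. The CN is always repeated
# as the first SAN entry; extra hostnames are appended as further SAN entries.
make_csr() {
  local cn=$1 key=$2 csr=$3 san name
  shift 3
  san="DNS:$cn"
  for name in "$@"; do san="$san,DNS:$name"; done
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$cn" -addext "subjectAltName=$san" \
    -keyout "$key" -out "$csr" 2>/dev/null
}

# csr_names <csr>: print the CN, then every SAN DNS name, one per line.
csr_names() {
  openssl req -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
  openssl req -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | sed 's/^DNS://'
}

# csr_covers <csr> <hostname>: succeed only if the CSR names that exact host.
csr_covers() { csr_names "$1" | grep -qxF -- "$2"; }

# csr_sigalg <csr>: print the signature algorithm, e.g. sha256WithRSAEncryption.
csr_sigalg() {
  openssl req -in "$1" -noout -text |
    sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Demo: a bare-domain CSR versus a www CSR that also lists the bare domain.
demo() {
  local tmp csr host
  tmp=$(mktemp -d)
  make_csr example.com "$tmp/bare.key" "$tmp/bare.csr"
  make_csr www.example.com "$tmp/www.key" "$tmp/www.csr" example.com
  for csr in bare www; do
    for host in example.com www.example.com; do
      if csr_covers "$tmp/$csr.csr" "$host"; then echo "$csr.csr: $host listed"
      else echo "$csr.csr: $host MISSING"; fi
    done
    echo "$csr.csr signed with $(csr_sigalg "$tmp/$csr.csr")"
  done
  rm -rf "$tmp"
}
demo
```

Which names end up in the issued certificate is decided by the CA, so run the same name check against the certificate once it comes back (`openssl x509 -in cert.pem -noout -text`).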