NodeWorx SSL Cert Error

I get this when I go to <http://server.ip/nodeworx> on my box:


There is a problem with this website’s security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

The security certificate presented by this website was issued for a different website’s address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.
Continue to this website (not recommended).
More information

etc etc

I have gotten this error for about a year now, and never thought twice about trying to fix it / inquire. Today, I was sitting with a colleague and he mentioned how I really should get to that / fix that, and that it could be my ServerName not being matched in my ssl.conf and httpd.conf files (i believe those are the two conf files he mentioned).

The ssl.conf file was set as :

General setup for the virtual host

DocumentRoot “/var/www/htdocs”
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log

I tried matching the ServerName in the two files (I put domain.tld:443) but that didn’t fix it.

Is this a known/common InterWorx error that’s displayed?

Please advise! Thanks =)

I think the link must be <https://server.ip/nodeworx> or https://server.ip:2443/nodeworx/

Succes

We install a generic, self-signed, SSL certificate for InterWorx, using interworx.info. Without any certificate at all, port 2443 wouldn’t be secure.

You are free to install your own self-signed, or better yet, CA-signed cert. Other clients have posted how they did it. Here are a couple examples:

http://www.interworx.com/forums/showthread.php?t=1905
http://www.interworx.com/forums/showthread.php?t=705

So the error will continue regardless of how I access NodeWorx (directly by IP or https://… as one user suggested) or how my clients access SiteWorx, unless I purchase a 3rd party certificate?

It has nothing to do with the fact that client domains share the same IP as the main domain (that they share the IP with InterWorx)? I ask because I remember reading something once about SSL certificates only working if they are used on a site which has its own dedicated IP.

If none of that matters in this case, any suggestions on a place where to get a cheap SSL certificate for this purpose? =)

Short answer is yes, the first step you need to do is buy a CA-signed cert. But that won’t make the browser warning go away in all cases.

SSL certificates, by nature, are bound a very specific domain name

For example, “www.domain.com” is different than “domain.com”. If you got a CA-signed cert for “www.domain.com”, going to https://www.domain.com would not produce the browser security warning. However, if you instead went to https://domain.com, you would see a browser warning, since “domain.com” doesn’t match “www.domain.com” that’s stored in the SSL cert.

Similarly, say “domain.com” and “www.domain.com” resolves to the IP 1.2.3.4. Going to https://1.2.3.4 would also produce a warning, since “1.2.3.4” doesn’t match “www.domain.com” that’s stored in the SSL cert.

So, once you have a CA-signed cert installed for InterWorx to use, your clients will need to use that URL/domain that has SSL installed, otherwise they will get a browser warning, even if you have a CA-signed cert installed.

Hopefully, I didn’t confuse the issue further. :slight_smile:

Also, here are the two FAQ questions/answers from Apache’s docs about dedicated IP:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2

To address this issue, in InterWorx, we require the account be on a dedicated IP.