SSL setup question

By default, web sites are created with a ServerName of… however, 99% of the time people really use to access a web site…

The problem is in the SSL certificate request/generation… if I specify a CN of then I’ll get browser certificate errors because the domain ( in the users browser does not match the certificate (…

However, if I generate a cert with a CN of then the browser warnings go away but then Apache has warnings about the CN not matching the servername…

It seems like the real solution is to use a ServerName that is and create a ServerAlias for, which is opposite what Interworx does…

Any thoughts?


Another option is just to redirect all requests to www via .htaccess, like so:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^ [NC]
RewriteRule ^(.*)$$1 [R,L]

That way, if someone goes to, they’re redirected right away to and if they hit a secure page, the www will already be there an no cert warning.

But the Apache warning message will still exist because the CN for the certificate is generated as… but the server name is

The only solution I can see is to make the ServerName so it matches the CN certificate request. This way Apache doesn’t complain and the users browser doesn’t complain… as well as it doesn’t carry the expense of a redirect which will virtually always be made…

Unless there’s an obvious reason I’m missing for the ServerName being set just to vs I’m completely baffled why Interworx would choose to set things up this way… I mean, is the web server name… is the domain name and can carry ftp services, email, etc…

Anyway, the workaround is change the server name to in so that you can add the SSL certficate properly and play nicely with Interworx… then switch the ServerName back to and bounce your web server… all works perfectly after that, and no redirect or warnings anywhere…


Cliff, what exact apache warning are you referring to, and where are you seeing it?

[SIZE=2]In domain error.log: [Thu Jun 29 12:38:26 2006] [warn] RSA server certificate CommonName (CN) `’ does NOT match server name!?[/SIZE]
[SIZE=2]This error goes away after changing ServerName to match cert CN name… which makes sense…[/SIZE]

The other option is to just make a subdomain called or similar.

Also bit similair problem here, the panel only allows me to make cert. request for, but the one I want is for If a is installed, it will still give a warning to the visitor when going to

What happens when you try to make the cert for As far as I know it shouldn’t stop you.


From the siteworx client menu -> SSL Certs, if chosen and then “Install CA Signed Cert”, if won’t give me the option for which hostname. it will automaticly take “www.<siteworx domain>”.

Actually, it will just give me the CSR, and when that is pasted to (for instance) GeoTrust, or SBSsecure, it will read www.<domain> since that is inside the CSR.


On this issue - how does one then use the new WILDCARD certs to secure all subdomains of a given domain - should help in this scenario.

One of the alledged benefits of iworx is the ability to still hack. What I fear with reading this thread is the idiots guide to server hosting coming up which forces all operations through the finite state machine logic of the developers and that is not always what is needed in the wild.

Can one safely bypass the entire iworx cert buisness and do it by hand without problems down the track?