ssl on domain.com, how to use on subdomain.domain.com

jetx86

jetx86

Perch
i have a self-generated ssl cert on domain.com, but when i try to generate one for sudomain.domain.com i get 'duplicate private key' .. and when i try 'import cert' nothing really happens... i paste the 2 fields, but when i hit submit or whatever, 'doesn't work'(tm)

how do i use it on subdomain.domain.com ?
 
no i didn't think of it as an error... just pebkac :)

so to do this i should submit a ticket?

tia
ctl
 
ok... i just tried to post a ticket on cerebus, but... (you know)

/me waits to see if it shows up

edit
ah here we go... ID: BPV-95468-341
 
I added a test sub-domain and was able to enable SSL support with no problems.
 
http://linux. you seem to know where .com/files/ssl-error.jpg :)

i get this trying to browse your test subdomain

this is the error i get, but... i get it when trying to create/assign/import/whatever the cert, and hsphere doesn't seem to wanna do it. :(

edit
i found a free cert place, probably from a link here but i forget... i can just use one of those i reckon. not a really big thing...
edit2
or i could take it off domain.com and put one on www.domain.com and subdomain.domain.com maybe... it would be nice to just be able to plop down one cert for many though.
 
Yes the certificate is invalid as it shows in your screenshot. This is so because it is signed by "Hsphere" that is no CA. It is just for temporary/testing purpose. Thus it is always recommended to get a permanent certificate for production use.
By free cert do you mean cacert.org?
 
yes cacert.

that's not what i get when i browse https://domain.com/

i get the unrecognized cert authority, would you like to import/trust it... 3 radio buttons, top one imports it.

the popupbox on https://domain.com/ is totally different. of course i already told ff to trust it... lemme untrust it and repost a screenie of it too
 
gah... Service Temporarily Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

trying to access you know where... :(

but it's because i have previously accepted the cert for domain.com that it borks on subdomain.domain.com ...

i cleared the cert out of ff and redid https://test.domain.com/ , got the unknown ca... normal. (the 3 radio buttons)
 
Deepak was correcting an issue on control panel causing this error for a min.
Yes the screenshot looks ok to me.
 
but, the ssl-error one is diff, due to the cert already being imported in my browser.

must be the way certificates work ?

ah but, when try to generate one in the subdomain cp, i get the error...

edit
fhdsiouhfpsodaugfuiscbxjc

works now.
gah.
:/

thanks for your time? :)

ctl
 
no it doesn't work. ssl-error.jpg again

edit
but it generated the cert fine. that works. just trying to browse the site doesn't.

ff complains about the cert's serial #
 
jetx86 said:
no it doesn't work. ssl-error.jpg again

edit
but it generated the cert fine. that works. just trying to browse the site doesn't.

ff complains about the cert's serial #
Click to expand...
This is expected and clearing FF's cache may resolve this again for you until you visit any of these sites again. This is all related to temporary certificates being in use.
 
yeh i suspect using 'real' certs on a per domain/subdomain basis will work.

but why is the serial number the same....

or is it that:

if a customer wants ssl, he'd better buy himself a domain, or be happy with the shared ssl?
 
tanmaya said:
Yes SSL certificates expect serials not to match, but being no CA, Hsphere doesnt keep track.
Probably you visited your https://domain.com?
Click to expand...

yes i did and that's where i accepted the cert originally. then i deleted it in the browser and accepted test.domain.com's.

however, https:// only worked on the one i had accepted at the time, and the browser refused to even show me the other site.

edit
i hate misspelling stuff :)
 
jetx86 said:
yeh i suspect using 'real' certs on a per domain/subdomain basis will work.

but why is the serial number the same....
Click to expand...
Technically they miss "-set_serial" parameter causing this issue that is specific to Firefox it seems.

jetx86 said:
if a customer wants ssl, he'd better buy himself a domain, or be happy with the shared ssl?
Click to expand...
This is always better and choice between them depends on your needs.
 
You must log in or register to reply here.
Back
Top