cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Created Subject Alternative Names for SSL but getting invalid certificate

We have purchased 5 Standard UCC SSL. We wanted to use SSL for our 5 other domains (not purchased via GoDaddy), but only the first is working (and also it seems like its a primary domain). For other domains, we created Subject Alternative Names (SANs) but browser says invalid certificate. What are we mistaking ? Any idea ?

 

Thanks

 

T

12 REPLIES
Pro Community Founder Artisan Pro Community Founder Artisan
Pro Community Founder Artisan

Re: SNA

I'm wondering if you are using the self-signed certificates @AvanzaPayment? If I had to guess I'd say that you are using cPanel? Often addon domains are given self-signed certificates. You should delete the self-signed certificates and setup your UCC SSL ones. Check out Installing third-party SSLs on cPanel accounts. Let me know if I read your issue correctly and if that was helpful? 

 

...turns out that my two cents is worth less or more depending on the current exchange rate.

roy darling *my posts seem a lot shorter in my head

Re: SNA

Dear @rd

 

Thanks for the reply. We are using dedicated VMs where we have installed Apache environment, so there is no cPanel. Everything is managed by us manually. There were no self signed certs.

 

 

Pro Community Founder Artisan Pro Community Founder Artisan
Pro Community Founder Artisan

Re: SNA

The three common issues I tend to see for SSL errors are website uses a self-signed certificate, intermediate certificate(s) not installed and certificate name 'mismatch' error. Now I'm wondering what the exact error is @AvanzaPayment? Usually the error can point you in the direction of the issue? 

 

...turns out that my two cents is worth less or more depending on the current exchange rate.

roy darling *my posts seem a lot shorter in my head

Re: SNA

Dear RD

 

It just says, the certificate is invalid for the SAN I created. Also, when I see the certificate in the browser it shows the primary domain, while when I created the SAN, i properly created the CSR for the related domain.

 

Example: The primary domain I can see in UCC panel is "foodsinn.com" and its certificate is working fine.

 

Now I created a SAN for "husn-e-zan.com" and submitted its CSR and when I downloaded its certificate and installed in Apache, it said invalid certificate and in certificate it shows the "foodsinn.com".

 

Is there anything Im missing here ?

 

Thanks

Pro Community Founder Artisan Pro Community Founder Artisan
Pro Community Founder Artisan

Re: SNA

I'm assuming you followed a so something like Generate a CSR (certificate signing request)? Are you forcing SSL using a Redirect HTTP to HTTPS automatically or equivalent method?

...turns out that my two cents is worth less or more depending on the current exchange rate.

roy darling *my posts seem a lot shorter in my head

Re: SNA

Yes I created exactly (for Apache on Centos 7).

 

Right now I'm not redirecting. Just testing HTTPS separately. But again, the problem is with new SANs, the first one I created (which seems like  primary domain) works fine. Not sure if my understanding with SAN is what my requirement is. Because whenever I download cert after new SAN csr, the certificate contains primary domain and hence it is rejected and browser say invalid.

 

Pro Community Founder Artisan Pro Community Founder Artisan
Pro Community Founder Artisan

Re: SNA

So all of these websites are on the same hosting @AvanzaPayment? You're not creating a new SAN every time are you? Check out Adding or dropping Subject Alternative Names from UCC certificates. What should happen is you should be adding the desired SAN under your primary domain. When you go and setup a SAN SSL follow Download my SSL certificate files and Install SSL certificates. Sorry for the nonspecific links but I wanted others to be able to find their OS as well. Did that get you fixed?

 

...turns out that my two cents is worth less or more depending on the current exchange rate.

roy darling *my posts seem a lot shorter in my head

Re: SNA

@rd Yes, all the web sites are on same hosting server.

 

Primary domain is "foodsinn.com". So, for the other web site domain I created a  SAN for "husn-e-zan.com" and it was hosted on the same server. But, what I don't understand is, why every time it gives me "FoodsInn.com" certificate and why not for my SAN "husn-e-zan.com" ? Shouldn't they work in this way ?

 

Thanks.

 

Arfeen

Re: SNA

Also, could you please give me an example how SAN is work for UCC SSL ?

 

Thanks

 

Arfeen

Pro Community Founder Artisan Pro Community Founder Artisan
Pro Community Founder Artisan

Re: SNA

Looking at your domains specifically @AvanzaPayment what I notice is that you only have one other domain listed as a SAN and that is your primary domain with a www. prefix. You need to add/list your other desired domains in the same way you listed your prefix primary domain. Does that make sense? 

 

...turns out that my two cents is worth less or more depending on the current exchange rate.

roy darling *my posts seem a lot shorter in my head

Re: SNA

Let's get back to the basic thing.

 

To my understanding

 

SNA (Subject Alternative Name) == A Domain

 

Is this right ? Is my understanding of SNA correct ?

Pro Community Founder Artisan Pro Community Founder Artisan
Pro Community Founder Artisan

Re: SNA


@AvanzaPayment wrote:

Let's get back to the basic thing.

 

To my understanding

 

SNA (Subject Alternative Name) == A Domain

 

Is this right ? Is my understanding of SNA correct ?


Yes, but as the name implies they are subject. In this case that means under the rule of another domain name. 

 

...turns out that my two cents is worth less or more depending on the current exchange rate.

roy darling *my posts seem a lot shorter in my head