Re: Godaddy wildcard certs...

February 05, 2010 11:46PM
How did you create /etc/ssl/certs/any.domain.com.crt?

Happen to have your openssl commands or whatever you did to generate
your CSR/etc there?

Thanks, I have the same cert type, it's nice to know it's working. Not
sure why it isn't for me.




On Fri, Feb 5, 2010 at 7:07 PM, Nick Pearson <nick.pearson@gmail.com> wrote:
> Sorry I don't have a lot to add, but I thought it worth mentioning
> that I just bought and configured a GoDaddy wildcard SSL certificate a
> couple weeks ago, and it's working without any issues.  I bought the
> low-end ($199/yr) wildcard cert, in case that matters.  I'm running
> nginx-0.8.29.
>
> Here's my config:
>
> server {
>  listen       1.2.3.4:443;
>  server_name  *.domain.com;
>  ssl  on;
>  ssl_certificate      /etc/ssl/certs/any.domain.com.crt;
>  ssl_certificate_key  /etc/ssl/private/any.domain.com.key;
>  ...
> }
>
> From what Firefox says, it almost sounds like GoDaddy gave you a
> non-wildcard cert.  (I believe all their non-wildcard certs are valid
> for both domain.com and www.domain.com.)
>
> Again, this likely isn't much help other than knowing that someone
> else has this working.
>
> Nick
>
>
>
> On Fri, Feb 5, 2010 at 7:15 PM, Michael Shadle <mike503@gmail.com> wrote:
>> I'm trying to use a wildcard godaddy cert and having some issues. Once
>> I changed the openssl CSR request to have "*.domain.com" instead of
>> "domain.com" now I get an error when trying to start nginx:
>>
>> [emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/certs/domain.org.key")
>> failed (SSL: error:0B080074:x509 certificate
>> routines:X509_check_private_key:key values mismatch)
>>
>> Can anyone help?
>>
>> Here's the commands...
>>
>>
>> # openssl genrsa 2048 > domain.org.key
>> Generating RSA private key, 2048 bit long modulus
>> ................+++
>> .......................+++
>> e is 65537 (0x10001)
>>
>> # openssl req -new -key domain.org.key > domain.org.csr
>> You are about to be asked to enter information that will be incorporated
>> into your certificate request.
>> What you are about to enter is what is called a Distinguished Name or a DN.
>> There are quite a few fields but you can leave some blank
>> For some fields there will be a default value,
>> If you enter '.', the field will be left blank.
>> -----
>> Country Name (2 letter code) [GB]:US
>> State or Province Name (full name) [Berkshire]:.
>> Locality Name (eg, city) [Newbury]:.
>> Organization Name (eg, company) [My Company Ltd]:.
>> Organizational Unit Name (eg, section) []:.
>> Common Name (eg, your name or your server's hostname) []:*.domain.org
>> Email Address []:my@email.com
>>
>>
>> concatenating them all together:
>>
>> # cat domain.org.crt gd_bundle.crt > domain.org.pem
>>
>>
>> I tried a random hostname... Firefox tells me this:
>>
>> wwww3.domain.org uses an invalid security certificate.
>>
>> The certificate is only valid for the following names:
>>  domain.org , www.domain.org
>>
>> (Error code: ssl_error_bad_cert_domain)
>>
>>
>> this is my config:
>>
>> server {
>>   listen 80;
>>   listen 10.122.47.104:443 ssl;
>>   server_name domain.org *.domain.org;
>>   root /home/redirects/web/redirects/domain;
>>   index index.php;
>>   location ~ \.php$ {
>>      include /etc/nginx/fastcgi.conf;
>>      fastcgi_pass 127.0.0.1:11030;
>>   }
>>   ssl_certificate /etc/nginx/certs/domain.org.crt;
>>   ssl_certificate_key /etc/nginx/certs/domain.org.key;
>>   ssl_protocols SSLv3 TLSv1;
>>   ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
>>   rewrite ^ /index.php?url=$host last;
>> }
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://nginx.org/mailman/listinfo/nginx
>>
>
>
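
The two symptoms quoted in this thread (nginx's "key values mismatch" and the browser's list of names the certificate is valid for) can both be checked with openssl before reloading nginx. The script below is an added example, not part of any post in the thread; the example.test names, the file names and the self-signed certificates are constructed stand-ins for a CA-issued certificate, and it assumes OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example. example.test names and self-signed certs are constructed
# stand-ins for a CA-issued certificate; file names are hypothetical.
set -e

# SHA-256 of the public key in a certificate. openssl x509 reads only the first
# certificate in a PEM file, so a "cert + bundle" file is judged on its first cert.
cert_pub_fp() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# SHA-256 of the public key derived from a private key file.
key_pub_fp() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256
}

# Succeeds only if certificate $1 carries the public half of private key $2.
cert_matches_key() {
  [ "$(cert_pub_fp "$1")" = "$(key_pub_fp "$2")" ]
}

# Succeeds only if certificate $1 is valid for hostname $2 (wildcards honoured).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Build constructed samples: two keys, a wildcard cert and a non-wildcard cert.
make_samples() {
  dir=$1
  openssl genrsa -out "$dir/wild.key" 2048 2>/dev/null
  openssl genrsa -out "$dir/other.key" 2048 2>/dev/null
  openssl req -new -x509 -days 1 -key "$dir/wild.key" -subj '/CN=*.example.test' \
    -addext 'subjectAltName=DNS:*.example.test,DNS:example.test' -out "$dir/wild.crt"
  openssl req -new -x509 -days 1 -key "$dir/other.key" -subj '/CN=example.test' \
    -addext 'subjectAltName=DNS:example.test,DNS:www.example.test' -out "$dir/plain.crt"
}

report() {  # report <label> <command...>: print OK or FAIL for one check
  label=$1; shift
  if "$@"; then echo "OK    $label"; else echo "FAIL  $label"; fi
}

SAMPLES=$(mktemp -d)
make_samples "$SAMPLES"
report "wildcard cert matches its own key" cert_matches_key "$SAMPLES/wild.crt" "$SAMPLES/wild.key"
report "wildcard cert matches other key"   cert_matches_key "$SAMPLES/wild.crt" "$SAMPLES/other.key"
report "wildcard cert covers www3"         cert_covers_host "$SAMPLES/wild.crt" www3.example.test
report "non-wildcard cert covers www3"     cert_covers_host "$SAMPLES/plain.crt" www3.example.test
```

The second and fourth checks are expected to print FAIL: they reproduce the mismatched key and the certificate that only lists the bare and www names.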
