0

Hi apologies if this has been asked before but i didn't find a clear cut example.

Lets assume the following scenario, I've a third party server, "sub.example.com" that has a CNAME pointing to a third party provider, "thirdparty.com".

Now when i access, "https://sub.example.com" i receive a certificate mismatch error as the certificate we're accessing is for "thirdparty.com". However, when i access "http://sub.example.com" i don't receive any error and the am redirected to the 3rd party provider. How do i go about installing a valid SSL certificate on "sub.example.com" provided i don't have access to "thirdparty.com" at all.

Yasmeen Ali
  • 1
  • Web server is configured incorrectly; likely the correct certificate isn't configured properly. You can associate the host name with IP any way you want (CNAME, A, wildcard A and even wildcard CNAME), PKI won't bother unless you have IP directly in the SAN field of the certificate, which could hardly be your case. It only bothers to check whether the host name you use matches something in the certificate sent by the server you are communicating with, no matter how you managed to access it. To help further we need to see your, supposedly wrong, web server configuration. – Nikita Kipriyanov May 29 '23 at 05:27
  • 1
    And, if you don't have access to that web server "at all", we can't help, "at all". Then this is off topic on ServerFault. Ask the operators of "thirdparty.com" for the resolution, it's their duty. – Nikita Kipriyanov May 29 '23 at 05:37
  • Does this answer your question? [How do I add an SSL certificate to a CNAME?](https://serverfault.com/questions/883983/how-do-i-add-an-ssl-certificate-to-a-cname) – Steffen Ullrich May 29 '23 at 05:49
  • Not really, some more context if this might be useful, the records are set something like, enterpiseenrollment.example.com CNAME EnterpriseEnrollment-s.manage.microsoft.com Microsoft won't help me and won't provide any resources i can refer to. Just to clarify, the Microsoft subdomain has a valid SSL certificate of its own. I can't figure out how to include my subdomain "sub.example.com" in this certificate or even install a certificate on this as it has no web server or anything running on it. – Yasmeen Ali May 29 '23 at 05:57
  • 1
    i found the following which is a similar case, [here](https://serverfault.com/questions/857893/how-to-manage-https-for-cnames-of-different-domains-on-my-domain-different-one). So from what i understand, my 3rd party would have to accommodate for my certificate and i would have to provide them with one – Yasmeen Ali May 29 '23 at 06:24
  • As I said, ask operators of your "third party". – Nikita Kipriyanov May 29 '23 at 07:04

0 Answers0