1

I generate my ssl keys via openssl use this commands:

openssl req -passin pass:3a1b -new -key server.key -out server.csr;
cp server.key server.key.org;
openssl rsa -passin pass:3a1b -in server.key.org -out server.key;
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt;

Also i add my localdomain as Common Name set to *.localdomain.sweb. but when user accept certification for domain www.localdomain.sweb domains another.localdomain.sweb also need to be accepted.

How can i set all sub domains as valid certificate when user accept main domain certificate.

Mohammad Hossein Fattahizadeh
  • 471
  • 1
  • 9
  • 27
  • What do you mean by "*when user accept[s] certification for domain ... [another] domain also need[s] to be accepted*"? – MadHatter May 11 '14 at 08:22
  • 1
    I think they mean "when user accepts the self-signed certificate despite its being self-signed" – Jenny D May 12 '14 at 07:51

1 Answers1

2

The answer is simple: DO NOT USE SELF-SIGNED CERTIFICATES.

Your users' browser is (quite correctly) insisting that they accept an invalid (self-signed/unknown authority) certificate for each domain. This is because the browser has no way of knowing that the certificate they're accepting for www.localdomain.sweb is also valid for another.localdomain.sweb (because there's no valid signing authority attesting to the certificate).

If you acquire a proper certificate signed by a recognized certificate authority (or alternatively establish your own CA and distribute its public key to your clients as a recognized certificate authority) the browser will trust it for all domains in the wildcard, because it's properly signed, and therefore duly authorized (since presumably the CA performed some validation before issuing the certificate).

voretaq7
  • 79,879
  • 17
  • 130
  • 214