0

I have a .com site that is https with a Comodo certificate via Dreamhost. I also have https://cdn.domain.com with a unique ip address to make it play nice with MaxCDN. The site is run in two languages with WPML (WordPress Multilingual Plugin) and .nl is an alias (Dreamhost calls it site mirroring ) to .com. WPML makes sure all posts in NL are loaded with the .nl domain. Just upgraded WPML to a new system so perhaps that is the issue but I doubt it.

When I opened domain.nl in Firefox just now I had:

domain.nl uses an invalid security certificate.
The certificate is not trusted because it is self-signed. 
The certificate is only valid for sni.dreamhost.com 
(Error code: sec_error_unknown_issuer)

I decided to request for a new certificate. In Chrome using https://domain.nl I still see a self signed non verified Certificate error. So even though it is Comodo verified now I still get this error..

Server Alias with SSL Certificate Server hostname

My question is, is this adding of a certificate really necessary as .nl is just an alias of .com ? Is there no option to make an alias run without certificate errors on top of a host with a SSL Certificate?

rhand
  • 264
  • 2
  • 5
  • 23
  • Waiting for feedback from Dreamhost. If I do add the "self signed" certificate and continue I see ` We apologize for the inconvenience. Please contact the webmaster/ tech support immediately to have them rectify this. So it seems more certificate tweaking is still necessary. error id: "bad_httpd_conf" ` – rhand Oct 26 '14 at 13:44
  • I was told a new hosting package has to be added so working with a server alias might need changing as it won't work as @Steffen Ullrich said. Will adjust the question. – rhand Oct 27 '14 at 07:30
  • @Michael Rephrased the question to make it more about the workings of server aliases with SSL certificates running on the main hostname. Hope this more of a professional and clearer question – rhand Oct 27 '14 at 07:37
  • Are you sure the client you are using supports SNI? – kasperd Oct 27 '14 at 10:40
  • @kasperd http://wiki.dreamhost.com/Secure_Hosting#Costs_and_Requirements : "As we have added SNI (Server Name Indication) secure hosting can be set up on domain/sub-domain using its shared IP address. However, if you're going to be running an eCommerce application we strongly recommend that you do add a unique IP address to provide maximum compatibility." If you refer to client as browser client. Firefox and Chrome do support SNI as well as – rhand Oct 27 '14 at 10:50
  • Sorry, but _end users of shared web hosting_ doesn't fall under professional system administration. – Michael Hampton Oct 27 '14 at 16:10

1 Answers1

2

How should the client (browser) know, that .nl is an alias of .com? Because this is not defined anywhere you need to explicitly specify this by having this information inside the certificate, that is use a certificate which is valid for all your domains you own at the same time.

Steffen Ullrich
  • 13,227
  • 27
  • 39