1

I am working on a development server that is running only one website, example.com, as well as running all of the subdomained user accounts, e.g. someone.example.com. The server is running CentOS and I have created a self-signed wildcard certificate for *.example.com. I have tested this certificate in Firefox as well as Safari and it works great in both browsers; I am able to get access to example.com as well as someone.example.com with no issue once I have accepted the certificate (the popup that says this site may not be safe).

The certificate works for example.com in all browsers, and when I go there (even with IE and Chrome) I am able to accept and install the certificate into "Trusted Root Certification Authorities". When I test someone.example.com in Internet Explorer (version 9) and Google Chrome (version 20) I get a page saying "Internet Explorer cannot display the webpage" (IE) and "This web page is not available" (Chrome). I don't even get a popup asking me to accept the certificate.

In the code for someone.example.com I have a statement to force https, but when I remove it the page loads fine as http://someone.example.com (but obviously not securely). This same code is running on the live server, though, and I do not have any issues accessing both example.com and someone.example.com on the live site with the wildcard SSL certificate that has been purchased.

I have been searching around and have found that similar issues were resolved by removing the certificate and creating a new one, so I have done that, but to no avail. I have also tried several times to remove the certificate from IE's cache and reinstall it manually, but that also has not changed anything. I have tested this issue on 1 Windows 7 PC, 1 Windows Vista PC, and 1 Mac; all are giving the same results.

  • What web server are you using? – Manu Clementz Jul 25 '12 at 18:06
  • Is the live cert actually a wildcard cert or does it use the subjectAlternateName extension? That could explain the difference. – John Watts Jul 25 '12 at 18:14
  • I am running LAMP on CentOS. I ran my updates yesterday, so everything is up to date as of then. – ProdigyProgrammer Jul 25 '12 at 18:14
  • How would I check the difference? When I go to the certificate in IE it says "Issued to: *.example.com". On the subject entry it says: CN = *.example.com. On the subject alternative name entry it says: DNS Name=*.example.com, DNS Name=example.com – ProdigyProgrammer Jul 25 '12 at 18:18
  • And both the live cert and testing one have a subject alternative name like that? Sometimes the subject alternative name lists specific subdomains. – John Watts Jul 26 '12 at 00:32
  • Yeah, I just double-checked; both the live and the development certificates have the same subject alternative name. – ProdigyProgrammer Jul 26 '12 at 16:41

1 Answer

3

I've had the same problem before. The way I was able to fix mine was that I:

  1. removed all cookies and cache from my browser
  2. removed the self-signed certificate from my server
  3. rebooted the server itself along with Apache
  4. installed a new self-signed certificate
  5. restarted Apache again after installation
  6. browsed to the site and accepted the certificate

It seemed as though, without the reboot after uninstalling my first certificate attempts, there was a bug within the certificate. Not sure why or how, but it worked for me.
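
For the "installed a new self-signed certificate" step above and the subject alternative name comparison raised in the comments, here is an added example that is not part of the original posts. It generates a self-signed wildcard certificate, lists its SAN entries, and checks which hostnames it covers. It assumes OpenSSL 1.1.1 or newer; the function names and temporary file names are hypothetical.

```sh
#!/bin/sh
# Added example. Assumes OpenSSL 1.1.1 or newer (-addext, -ext).
# example.com and the temp file names are placeholders.

# make_wildcard_cert <domain> <key-out> <cert-out>
# Self-signed cert with CN=*.domain and SANs for both *.domain and domain.
make_wildcard_cert() {
    (
        umask 077   # keep the private key readable by its owner only
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -keyout "$2" -out "$3" -subj "/CN=*.$1" \
            -addext "subjectAltName=DNS:*.$1,DNS:$1" 2>/dev/null
    )
}

# cert_sans <cert>: print the certificate's DNS SAN entries, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -ext subjectAltName |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# cert_covers <cert> <hostname>: exit 0 if OpenSSL's own hostname check
# accepts the name (a wildcard matches exactly one label).
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Constructed demo: build a cert in a temp dir and test three hostnames.
tmp=$(mktemp -d)
make_wildcard_cert example.com "$tmp/dev.key" "$tmp/dev.crt"
echo "SAN entries:"; cert_sans "$tmp/dev.crt"
for h in example.com someone.example.com a.b.example.com; do
    if cert_covers "$tmp/dev.crt" "$h"; then
        echo "$h: covered"
    else
        echo "$h: NOT covered"
    fi
done
rm -rf "$tmp"
```

Running `cert_sans` against both the live and the development certificate files gives the side-by-side comparison asked about in the comments.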