Godaddy wildcard certs...
Michael Shadle
mike503 at gmail.com
Sat Feb 6 04:15:06 MSK 2010
I'm trying to use a wildcard godaddy cert and having some issues. Once
I changed the openssl CSR request to have "*.domain.com" instead of
"domain.com" now I get an error when trying to start nginx:
[emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/certs/domain.org.key")
failed (SSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch)
Can anyone help?
Here's the commands...
# openssl genrsa 2048 > domain.org.key
Generating RSA private key, 2048 bit long modulus
................+++
.......................+++
e is 65537 (0x10001)
# openssl req -new -key domain.org.key > domain.org.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:.
Locality Name (eg, city) [Newbury]:.
Organization Name (eg, company) [My Company Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:*.domain.org
Email Address []:my at email.com
concatenating them all together:
# cat domain.org.crt gd_bundle.crt > domain.org.pem
I tried a random hostname... Firefox tells me this:
wwww3.domain.org uses an invalid security certificate.
The certificate is only valid for the following names:
domain.org , www.domain.org
(Error code: ssl_error_bad_cert_domain)
this is my config:
server {
listen 80;
listen 10.122.47.104:443 ssl;
server_name domain.org *.domain.org;
root /home/redirects/web/redirects/domain;
index index.php;
location ~ \.php$ {
include /etc/nginx/fastcgi.conf;
fastcgi_pass 127.0.0.1:11030;
}
ssl_certificate /etc/nginx/certs/domain.org.crt;
ssl_certificate_key /etc/nginx/certs/domain.org.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
rewrite ^ /index.php?url=$host last;
}
More information about the nginx
mailing list