Godaddy wildcard certs...

Michael Shadle mike503 at gmail.com
Sat Feb 6 04:15:06 MSK 2010 

I'm trying to use a wildcard godaddy cert and having some issues. Once
I changed the openssl CSR request to have "*.domain.com" instead of
"domain.com" now I get an error when trying to start nginx:

[emerg]: SSL_CTX_use_PrivateKey_file("/etc/nginx/certs/domain.org.key")
failed (SSL: error:0B080074:x509 certificate
routines:X509_check_private_key:key values mismatch)

Can anyone help?

Here's the commands...


# openssl genrsa 2048 > domain.org.key
Generating RSA private key, 2048 bit long modulus
................+++
.......................+++
e is 65537 (0x10001)

# openssl req -new -key domain.org.key > domain.org.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:.
Locality Name (eg, city) [Newbury]:.
Organization Name (eg, company) [My Company Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:*.domain.org
Email Address []:my at email.com


concatenating them all together:

# cat domain.org.crt gd_bundle.crt > domain.org.pem


I tried a random hostname... Firefox tells me this:

wwww3.domain.org uses an invalid security certificate.

The certificate is only valid for the following names:
  domain.org , www.domain.org

(Error code: ssl_error_bad_cert_domain)


this is my config:

server {
   listen 80;
   listen 10.122.47.104:443 ssl;
   server_name domain.org *.domain.org;
   root /home/redirects/web/redirects/domain;
   index index.php;
   location ~ \.php$ {
      include /etc/nginx/fastcgi.conf;
      fastcgi_pass 127.0.0.1:11030;
   }
   ssl_certificate /etc/nginx/certs/domain.org.crt;
   ssl_certificate_key /etc/nginx/certs/domain.org.key;
   ssl_protocols SSLv3 TLSv1;
   ssl_ciphers ALL:-ADH:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP;
   rewrite ^ /index.php?url=$host last;
}

More information about the nginx mailing list