SSL Cert CSR generation and Other Domain Names

velvetpixel · September 5, 2011, 5:49pm

I just purchased a UCC SSL Cert (up to 5 domains) and am about to generate my CSR for it in Virtualmin > Manage SSL Cert > Signing Request and have a couple of questions?

Is the Other Domain Names field where I enter the 4 other domain names I will be covering with this cert? What is the correct syntax for this field?

My main domain for the cert is:

www.example.com

I want my four other domains covered to be:

Is this where I list them?
Are they entered like above (with out the space rows caused by the forum here) or maybe in the following format?

mail.example.com,images.example.com,secure.example.com,beta.example.com

Thanks!

Eric · September 5, 2011, 5:57pm

Howdy,

I would enter those domain names one-per-line in the area you’re looking at.

There’s some additional documentation on how to add that SSL cert to your server here:

http://www.virtualmin.com/documentation/tutorial/how-to-add-multidomain-ssl-certificate

velvetpixel · September 6, 2011, 4:47pm

Thanks Eric!

velvetpixel · September 6, 2011, 7:21pm

OK got the .crt back from godaddy but they provided both the domain.crt and a gd_bundle.crt file.

Which one do I enter in the “Signed SSL certificate” field in Virtualmin for New Cert?

Also here is a little info in case anybody else runs into a similar issue.

This domain already had a 1024 bit self signed cert in place when I created the CSR for the 2048 bit that I need to enter at GoDaddy.

The new virtualmin generated CSR kept failing at GoDaddy with an error that is wasn’t in the 2048 - 4096 range.

To fix this I had to remove the self signed cert and recreate a new self signed cert at 2048.

Then when I generated the CSR to submit to Godaddy for the actual cert was it accepted.

It feels like if you have a 1024 in place that even though you select 2048 in virtualmin that it generates a 1024 if that is what already exists for the domain.

Is this a bug?

Eric · September 6, 2011, 7:26pm

Howdy,

The domain.crt file is your SSL Certificate.

The gd_bundle.crt file is your CA Certificate. There’s a tab for that in the Manage SSL Certificates screen.

-Eric

velvetpixel · September 6, 2011, 9:16pm

Thanks!

OK almost there.

Got the cert and bundle installed through Virtualmin but am running into a weird issue.

The cert is for www.example.com.

It checks if tested here:
http://www.digicert.com/help/

In chrome I am getting the red line through https on any content under www. Even a plain txt file with just the word hello in it.

But if I remove the www in the url and go to that same file I get green!!!

This seems backwards. Could this be an apache issue?

Eric · September 7, 2011, 1:16am

Howdy,

Well, to really be able to help, you’d probably need to post your domain with the certificate in it.

It sounds like the cert is actually for “example.com” rather than “www.example.com”, but we’d need to see it in order to get a better idea as to what’s going on.

-Eric