Kunden Cert für Subdomain - Problem

    @MuhKuh


    The problem is not due to SNI. It's more simple... The SSL certificate is wrong for the subdomain. I wait the log for confirmation. ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support
    Quote from Nuxwin

    @MuhKuh


    The problem is not due to SNI. It's more simple... The SSL certificate is wrong for the subdomain. I wait the log for confirmation. ;)


    Yes, I have seen the posts after writing mine :D But I am confused... If there is no vhost created then when accessing the subdomain shouldn't he be redirected to the admin panel vhost and not even see the content of the subdomain? Would also explain why the admin panel cert is returned.

    @MuhKuh


    Default vhost rule ;) He must have SSL on the panel too ;) And yes, without the vhost file, he should be redirected on defaut vhost (SSL) which is the panel I bet ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    Default vhost rule would not show the subdomain content, but I asked before if the browser really directs him to the subdomain content. He said yes...


    Anyway, lets wait for the log :D

    Quote from Nuxwin

    @MuhKuh


    The problem is not due to SNI. It's more simple... The SSL certificate is wrong for the subdomain. I wait the log for confirmation. ;)


    sorry for my late, i could not find the log because it has been named shop.log instead of shop.domain.tld

    Code
    1. n Sep 15 20:57:43 2014] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl rsa -in /var/www/imscp/gui/data/certs/shop.l$
    2. [Mon Sep 15 20:57:43 2014] [debug] iMSCP::Execute::getExitCode: External command exited with value 0
    3. [Mon Sep 15 20:57:43 2014] [debug] iMSCP::Execute::execute: Executing command: /usr/bin/openssl verify -CAfile /var/www/imscp/gui/data/certs$
    4. [Mon Sep 15 20:57:43 2014] [debug] iMSCP::Execute::getExitCode: External command exited with value 2
    5. [Mon Sep 15 20:57:43 2014] [debug] iMSCP::OpenSSL::ssl_check_cert: /var/www/imscp/gui/data/certs/shop.clientdomain.pem: C = GB, ST = Greater Ma$
    6. error 2 at 1 depth lookup:unable to get issuer certificate

    @fulltilt


    As you can see here, the certificate is wrong ;)


    Quote from fulltilt

    [Mon Sep 15 20:57:43 2014] [debug] iMSCP::OpenSSL::ssl_check_cert: /var/www/imscp/gui/data/certs/shop.clientdomain.pem: C = GB, ST = Greater Ma$
    error 2 at 1 depth lookup:unable to get issuer certificate


    Look like a missing or wrong intermediate certificate ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support
    Quote from Nuxwin


    As you can see here, the certificate is wrong ;)


    yes, you're right :-)
    also found another ssl subdomain on this server which is working w/o any problems ...
    I will complain about it @ comodo, I have checked the submitted key and crt and there is no problem.


    thank you guys !!!

    @fulltilt


    Before any complaint, you should check the certificate chain. Give me a root and panel access and the needed informations (eg, directory where I can find the certificate, the key and the ca bundle) ;)

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    found this in their email to the customer:

    Code
    1. To help reduce domain name mismatch warnings, we have also included the domain
    2. name www.shop.domain.tld in your certificate.


    but the common name which I used for the crt and key was shop.domain.tld w/o www.
    could this be the problem?