SSL Certificate - Hostname & CNAME

#1
3rd July 2012, 09:40
MaddinXx

Hello everyone

I'm planning to buy (a) new SSL cert(s) for my server(s).

Since I already had problems once, this time I wanna make sure to order it the right way.

My primary question is:
All servers have hostnames like: service.server.mydomain.tld, so for example:
mail.alpha.mydomain.tld, web.beta.mydomain.tld etc.

However, I want the certs to be valid for another domain, pointing with a CNAME record to them:

cp.anotherdomain.tld -> web.beta.mydomain.tld

The cert should be valid for cp.anotherdomain.tld then.

So the question now is, how to do that?
First of all, the provider does allow an unlimited amount of servers.

Problem 1 is that all of them have different hostnames.
Problem 2 is that not all of them are running the same software (apache, nginx, postfix etc.).
Problem 3 is that, like I said above, I'd like to use CNAMEs.

If it theoretically would work, are there any deficits with using CNAMEs?

I would really appreciate it, if someone would be so kind to help

Thank you very much!

Regards
MaddinXx

#2
3rd July 2012, 14:32
Mark_NL

As long as the CN in your certificate reflects the domain you're requesting and the server knows about it, it should work.

Make a CSR for "cp.anotherdomain.tld", send it to your CA and use the key in your vhost for "cp.anotherdomain.tld".

an ssl certificate costs like 12EUR for 1 year, so you can just "try" ..
it's not that they cost a fortune

Remember that when you buy a wildcard this works: *.domain.tld
but this won't: *.*.domain.tld
__________________
Real men don't backup... Real men cry!

http://www.e-rave.nl/

#3
3rd July 2012, 14:50
MaddinXx

Hi Mark

Thank you for the answer!

Jep, I realized that *.*.domain.tld is not possible (some research, I wasn't aware of this before) - thank you for pointing that out too.

Hmm ya, I'll just try, this may be the best way to get a feeling of how exactly it works - but still I'm not sure if it will work like I want it to. I'll try

#4
3rd July 2012, 14:54
Mark_NL

Well, the thing is .. the hostname you're requesting needs to be verified by the server and the CA (hence the pub/priv keys etc) .. so if your CN (Common Name) is: cp.anotherdomain.tld
then your server should reply to your request with data that's coming from "cp.anotherdomain.tld" .. as far as I know there's no check for A or CNAME records. It shouldn't matter.
__________________
Real men don't backup... Real men cry!

http://www.e-rave.nl/
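
The name check discussed in posts #2 and #4, as an added example that is not part of the original thread: a simplified version of the comparison a TLS client makes between the hostname it was asked to reach and the names in the certificate. The CNAME target is never part of that comparison, and a `*` covers exactly one leftmost label. Function names are hypothetical, the DNS data is constructed from the thread's scenario, and real clients add further rules (subjectAltName precedence, IDNA, public-suffix limits).

```python
# Added illustration (not from the thread): simplified hostname matching
# in the style of RFC 6125. Names and helpers here are hypothetical.

def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate name (CN or SAN dNSName) covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so both names need the same label count.
    if len(p) != len(h) or "" in h:
        return False
    # "*" is honoured only as the complete leftmost label.
    if any("*" in label for label in p[1:]):
        return False
    if p[1:] != h[1:]:
        return False
    if p[0] == "*":
        return True
    return "*" not in p[0] and p[0] == h[0]


def cert_covers(cert_names, requested_host: str) -> bool:
    """The client checks the name it was asked to reach, nothing else."""
    return any(name_matches(n, requested_host) for n in cert_names)


# Constructed DNS data from the thread's scenario (alias -> canonical name).
CNAME = {"cp.anotherdomain.tld": "web.beta.mydomain.tld"}


def demo():
    requested = "cp.anotherdomain.tld"   # what the user types
    target = CNAME[requested]            # where DNS ends up; never compared
    return [
        ("CN = requested name", cert_covers([requested], requested)),
        ("CN = CNAME target only", cert_covers([target], requested)),
        ("*.anotherdomain.tld", cert_covers(["*.anotherdomain.tld"], requested)),
        ("*.mydomain.tld for the target", cert_covers(["*.mydomain.tld"], target)),
        ("*.*.mydomain.tld for the target", cert_covers(["*.*.mydomain.tld"], target)),
        ("*.beta.mydomain.tld for the target", cert_covers(["*.beta.mydomain.tld"], target)),
    ]


if __name__ == "__main__":
    for label, ok in demo():
        print(f"{label:36} -> {'match' if ok else 'MISMATCH'}")
```

A certificate issued only for the CNAME target fails for the alias, which is why the CSR has to carry the name visitors actually use.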

#5
4th July 2012, 10:13
MaddinXx

OK so after purchasing a wildcard cert and trying to install it, it really worked fine.

I think the problem I had the first time was, that I did not copy the .key file together with the .crt file.

Everything working now!

#6
4th July 2012, 15:32
sjau

How much did you pay for the wildcard cert? Single domain certs with www and without www are cheap... but wildcard ones are so expensive... at least the ones I've found.
__________________
"Common sense is not as common as commonly believed" by sjau

Auto-Install Script for ISPConfig and Horde on a Vanilla Debian Stable

Need more Repos for Ubuntu? Repository Generator
Need more Repos for Debian? Debian Repository Generator

#7
4th July 2012, 15:47
MaddinXx

Well it's an AlphaSSL cert, the cheap line of GlobalSign's DomainSSL (but with the same browser support etc.)

Since I'm a reseller there, it was USD 55.

#8
4th July 2012, 16:02
sjau

and for non-reseller it's $ 149. Thx for the info.

#9
4th July 2012, 17:25
MaddinXx

Quote:
Originally Posted by sjau
and for non-reseller it's $ 149. Thx for the info.

If you like, I can purchase one for you for CHF 75?

#10
4th July 2012, 21:57
sjau

nah, we already got one that is www and without www for $ 17/y. Wildcard would have been nice but it's not absolutely necessary for us.