SSL And Security

Stephen_Poole · ‎08-11-2019

In Chrome, if you go to wdjconline.com OR www.wdjconline.com, our certificate works fine. In Firefox (I'm using version 60.8 with OpenSuse), the "www" gives a "bad certificate" error, but wdjconline (with the "www") does NOT give an error. This is something that has recently popped up.

We are using SANs (standard 20-domain certificate from GoDaddy) to handle our Websites. Incidentally, the problem does NOT occur with our main Website: both crawfordbroadcasting.com and www.crawfordbroadcasting.com both work fine. No errors.

Any ideas?

JHasselbring · ‎08-13-2019

@Stephen_Poole Do you handle your own apache configuration?

~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com

Stephen_Poole · ‎08-13-2019

Yes, we handle our Apache. You have a tip? I'm all ears!!

JHasselbring · ‎08-14-2019

@Stephen_Poole

In your .conf file's <VirtualHost *:443> ... Make sure you make use of both ServerName and ServerAlias:

<VirtualHost *:443>
   ServerAdmin webmaster@mydomain.com
   ServerName mydomain.com
   ServerAlias www.mydomain.com
   DocumentRoot /var/www/html/mydomain.com/public_html

Even if both www and non-www points to the same server, it doesn't mean that your Apache will serve them from the same vHosts. One of them is probably being server from the default VirtualHost where the SSL is not defined

~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com

JHasselbring · ‎08-14-2019

BTW @Stephen_Poole ,

I get a cert error on your site all the time... also, www gets forwarded to non-www (which is good... I'm just not sure if you did that on purpose)

~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com

Stephen_Poole · ‎08-17-2019

<VirtualHost *:443>
ServerName "wdjconline.com"
ServerAlias "www.wdjconline.com"
DocumentRoot "/home/wdjconline.com/public_html/"
RewriteEngine On
RewriteRule ^/wdjconline/(.*) / [R=301,L]

Hmmm. Looks like I'm doing that.

JHasselbring · ‎08-20-2019

Not sure if it matters but I usually do not use quotes to wrap my server name ("" "")... I mean, Apache wouldn't run if that's a problem.

Your certificate path are defined right? e.g.

  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache2/conf/mydomain.com.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache2/conf/mydomain.com.key"

and you're actually listening to 443 + SSL protocols are defined?

Listen 443
SSLProtocol all -SSLv2 -SSLv3

FYI... I'm shooting in the dark right now... I have not clue at this point why none of your cert work on my end.

~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com

JHasselbring · ‎08-20-2019

@Stephen_Poole

Also, If you just updated your .conf files... don't forget to restart Apache... I tend to forget it.

~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com

SSL And Security

Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

SSL And Security

Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

Re: Another Strange Firefox Problem with SSL

You may also like...