Hello,
I have a SSL cert setup for a domain with no subdomain, i.e. mydomain.org. And a server block setup to redirect all https ‘www’
subdomain requests to the non subdomain server block. This works fine
in
Safari, FF, etc. But Chrome gives me a certificate domain name mismatch
warning ( The big red warning screen ) How can I prevent this? It’s
like
Chrome checks the SSL cert name before even following the nginx
redirect.
Here’s what I’m doing. Any help appreciated
Hello,
I have a SSL cert setup for a domain with no subdomain, i.e. mydomain.org. And a server block setup to redirect all https ‘www’
subdomain requests to the non subdomain server block. This works fine in
Safari, FF, etc. But Chrome gives me a certificate domain name mismatch
warning ( The big red warning screen ) How can I prevent this? It’s like
Chrome checks the SSL cert name before even following the nginx redirect.
Of course it does. That’s how SSL works.
You’re serving up the certificate for azcharters.org where browsers
(it’s not just Chrome!) are expecting one that identifies itself as
belonging to www.azcharters.org. You need to serve up a certificate
that matches www.azcharters.org in its Common Name (CN) or Subject
Alternative Name (SAN), just for the redirect listener block.
If you only have a single IP to serve both :443 listeners, by the way,
you’re out of luck with your current cert. You’d have to find an SSL
vendor who’ll sell you a single cert with (say) azcharters.org in the
CN and www.azcharters.org in the SAN. This may be more expensive than
you’d expect and - to be honest - I wouldn’t bother.
You’d have to find an SSL vendor who’ll sell you a single cert with (say) azcharters.org in the CN and www.azcharters.org in the SAN. This may be
more expensive than you’d expect and - to be honest - I wouldn’t bother.
To avoid such issues quite many SSL vendors include the (www.)
alternative
name automatically (like Godaddy, Comodo and Geotrust for sure).