nsForum logo

Welcome Guest ( Log In )

Reply to this topicStart new topic
> Openssl Installation, OpenSSL and Subdomain Certificates
post Mar 20 2012, 10:49 AM
Post #1

Group: Verified NS Member
Posts: 1
Joined: 20-March 12
Member No.: 16,930

I'm running into a bit of a weird situation trying to install an SSL certificate for a subdomain. Here's what I've got:
1. A subdomain (xyzzy.mydomain.com)
2. A certificate for that subdomain
3. The ZIP file with:
a. NetworkSolutionsDVServerCA.crt
b. xyzzy.mydomain.com.crt
c. AddTrustExternalCARoot.crt
4. OpenSSL installation (with default server.crt and server.key files)

I've put the *.crt files into my ssl.crt folder (where my OpenSSL server.crt is located) and I've updated my httpd.conf file to have the VirtualHost reference the new files thusly:
1. SSLCertificateChainFile <path>/Apache_Plesk_Install.txt
2. SSLCertificateFile <path>/xyzzy.mydomain.com.crt
3. SSLCertificateKeyFile <path>/server.key

When I try to access the site, though, I show that the certificate is issued by "Temp Certificate!". Not sure what I'm doing wrong here but could really use some guidance on how to move forward.
I do not yet have an SSL cert for my top-level domain (www.mydomain.com). I'm not sure if that has an impact or not.

--- Bill.
Go to the top of the page
+Quote Post
Korey N
post Mar 22 2012, 02:39 AM
Post #2

Group: NetSol Staff
Posts: 150
Joined: 15-March 12
From: PA
Member No.: 16,875

Hi BillDeVoe,

I am sorry to hear that you're having troubles with installing your Network Solutions certificate. After researching I found that you actually have the same certificate installed on both your sub domain and your www. domain. If you visit your site using a browser like Google Chrome you will see an error stating that the site is identifying itself as www.domain.com. This means you have the www. certificate installed on both your domains.

I also used an internal tool to check the Certificate Chain and it did show that the certificate installed was for www.domain.com.

If you cannot figure out how to do this the way you have planned I would suggest contacting the server manufacturer for the best instructions.

Hope that helps! Good Luck! (IMG:http://forums.networksolutions.com/style_emoticons/default/thumbsup.gif)
Go to the top of the page
+Quote Post
post Dec 6 2012, 07:11 PM
Post #3

Group: Verified NS Member
Posts: 6
Joined: 7-October 12
Member No.: 18,721

I want install the certificate, which bought via godaddy. How can I do it?
Go to the top of the page
+Quote Post
post Dec 16 2012, 02:50 PM
Post #4

Group: Verified NS Member
Posts: 6
Joined: 7-October 12
Member No.: 18,721

I have all these files. Now I am trying to test it. I will send certificate file (*.csr) and the ca bundle. When everything will work, I'll write about it. Thank you.
Go to the top of the page
+Quote Post
post Mar 9 2016, 02:14 PM
Post #5

Group: Verified NS Member
Posts: 1
Joined: 9-March 16
Member No.: 24,745

Maybe this will help someone, it was very frustrating figuring it out b/c there is no documentation on this apparently. We purchased the cert with Network Solutions and we are hosted at webfaction.com (Apache Mod_SSL / OpenSSL)

You must create a single chained crt file from these 4 crt files in this order:

using cat:
cat WWW.MYSITE.COM.crt DV_NetworkSolutionsDVServerCA2.crt DV_USERTrustRSACertificationAuthority.crt AddTrustExternalCARoot.crt > www.mysite.com.chained.crt

Note: this will require editing after combining b/c it will erroneously append these lines which won't work:

when it should be


So after chaining them you should have a file (call it whatever you want) www.mysite.com.chained.crt that has 4 sections in it in that order.

Then you can confirm it's correct with this command

openssl s_server -cert www.mysite.com.chained.crt -key www.mysite.com.key -www

It is going to work if you see the following:

Using default temp DH parameters
Using default temp ECDH parameters
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
No Tag inserted yet

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:


RSS Lo-Fi Version    Network Solutions © 2011 Time is now: 23rd January 2018 - 06:29 AM
Domain Names | Web Hosting | Web Design | Shopping Cart Software | Online Marketing | SSL Certificates