iTim2009

Q: Yosemite: Website Using Wrong Certificate

Hi all,

 

I currently have three websites hosting on Server (5.0). For simplicity's sake, let's call them Red.com, Blue.com, and Green.com.

 

I have verified SSL certificates for all three domains with valid trust chains. I imported all three certificates correctly under "Certificates."

 

Now, under websites, for Red.com, Blue.com, and Green.com, I set each site to use it's corresponding SSL certificate.

 

However, all three websites are using the certificate for Blue.com, despite what their setting is under Websites, and is causing validation issues on the browser end. The only reason I can think of is that under "Certificates" in the side pane, the certificate for Blue.com is listed first, so all SSL-websites default to that one despite what's configured under websites? I've tried deleting the website profile for Green.com and Red.com and rebuilding them from scratch, selecting the Green.com and Red.com certificate, but once I go to the websites in a browser a certificate warning pops up and shows that it's trying to use Blue.com's certificate.

 

Can anyone help with this?

 

 

EDIT: I should note that this is only a problem if I have IP Address set to 'Any.' If I use the IP address in the drop down (the server's IP) it pulls the valid certificate, but setting the IP prevents me from using profile manager and other services.

Mac mini, OS X Server

Posted on Nov 4, 2015 7:42 AM

Close

Q: Yosemite: Website Using Wrong Certificate

  • All replies
  • Helpful answers

  • by Blaidd Drwg,Solvedanswer

    Blaidd Drwg Blaidd Drwg Nov 5, 2015 7:47 PM in response to iTim2009
    Level 1 (109 points)
    Nov 5, 2015 7:47 PM in response to iTim2009

    IF you want to use 3 differrent certs, you must host each site on a different IP address or port. You could alternatively use a single cert with two SAN names (subject alternative name).

  • by iTim2009,

    iTim2009 iTim2009 Nov 5, 2015 7:53 PM in response to Blaidd Drwg
    Level 1 (13 points)
    Servers Enterprise
    Nov 5, 2015 7:53 PM in response to Blaidd Drwg

    Thank you for your answer. I have since configured multiple IP addresses for each site (and configured DNS accordingly) but yet all SSL sites are still defaulting to the default "Server Website (SSL)" certificate.

  • by chs5056,

    chs5056 chs5056 Mar 15, 2016 6:34 PM in response to iTim2009
    Level 1 (0 points)
    Mar 15, 2016 6:34 PM in response to iTim2009

    I'm having the exact same issue.  Were you ever able to find an answer?

  • by iTim2009,

    iTim2009 iTim2009 Mar 15, 2016 6:43 PM in response to chs5056
    Level 1 (13 points)
    Servers Enterprise
    Mar 15, 2016 6:43 PM in response to chs5056

    Yes, though I will add to Blaidd Drwg's answer in that you have to use both suggestions. Your only option is to use a single certificate for all websites that is valid for every domain you used.

     

    I got a Class 2 StartCom cert from StartSSL.com and my DNS listing in the certificates are like so:

     

    server.domain1.com

    *.domain1.com

    *.domain2.com

    *.domain3.com

    .. etc.

     

    Then use an IP(s) that is different than the ethernet address of the server.