Forum Discussion
Nimbostratus"Multi-subdomain" SSL certificate - How to handle it?
Hello guys,
Please, I'll appreciate you could help me with this question.
My boss has given me an SSL certificate in order to use it in the BIG IP box. I got confused when he told me that I must use such only certificate to perform ssl offload for two different web services! he said: this is a multi-domain cert (I guess he dis not tell it in the correct way). I opened the certificate and realized that there were two sites in the field: Subject Alternate Name. Those sites were www.example.com and sales.example.com. As ever, I created the SSL client profiles in the BIG IP and put the same cert and key pair in both. The question is: Did I do wright? No matter the site, do I need to use the same cert/key pair?
The weird thing here is that the websites load in IE and in Chrome. But, Mozilla Firefox does not recognize the certificate. Why does it happen? How to troubleshoot this?
Thanks in advance and regards
Jorge
4 Replies
Mahmoud_Eldeeb_Cirrostratus
I seems you did the right thing, for mozilla it might be not updated version. make sure that you are using the most updated bbrowsers
jmanya_44531Hello,
Thanks for responding
My mozilla browser is updated to the last version. The error in MOzilla says:
www.example.com uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer). the weird thing here is that the other browsers detect the chain automaticaly.
Thanks
- Vitaliy_Savrans
Nacreous
Hi,
your boss have given you wildcard certificate. To fix "sec_error_unknown_issuer" you need to use certificate of intermediate certificate authority. You can determine chain using https://www.ssllabs.com/ssltest/. How to configure chain in client ssl profile:
Local Traffic ›› Profiles : SSL : Client ›› profile_name > position Chain (choose intermediate certificate) - CheapSSLSecurit
To load website using HTTPS over web browsers proper SSL Certificate installation is required.
sec_error_unknown_issue error in Mozilla Firefox alerts the certificate chain is not installed properly. And to build the perfect chain you must install intermediate SSL certificate.
