Why is my valid SSL certificate invalid on a particular site with the same host?
I have hosting set up with HostEurope. My SSL certificate seems to be valid (it has not expired etc.) and it works for one of the domains I use on my server (the SSL certificate was purchased for this domain). Recently I set up another site with a different domain on the same server and supplied the same SSL certificate, as HostEurope tells me it's possible to use my certificate as 'global', i.e. for all domains on the server, which I have attempted to do.
When I go to this site, I can see the SSL certificate is being supplied, however I am told it is invalid, yet when I check the certificate, it says it is valid (see the images below).
See here, it appears 'invalid'
See here, it appears 'valid'
The 'common name' is the URL of the other site, for which the SSL certificate works without issue.
Thanks
SSL certs are issued on either a single-domain, wildcard, or multi-domain basis.
We can't see the details of your certificate but it probably is single-domain, or the second domain is not listed in the "Subject Alternative Name" field. Check Stack Exchange's cert. It is a wildcard multi-domain certificate, that's issued to CN = *.stackexchange.com, but has several Alternative Names, for each of the communities. (Images: general details of SE's SSL certificate; Alternative Names listing in SE's SSL certificate.)
Check whether your certificate covers the second domain you intend to use it on.
I'm not sure what HostEurope mean by 'global', but a certificate binds a name to a public key. Those names, along with the public key, are embedded within the certificate, which the CA then signs as a true statement.
Names within certificates are expected to be in the Subject Alternate Name (SAN) extension. It used to be expected in the Subject field, but modern browsers don't look there any more. You therefore need all the names that your certificate needs to be valid for listed in the SAN extension.
The only exception is a wildcard certificate, where a wildcard (`*`) can stand in for any hostname within the domain. For example, a SAN entry of `*.example.org` is valid for any host in `example.org`, but this only works for one level. That is, it is valid for `www.example.org`, but not valid for `www.internal.example.org`.
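The name check both answers describe, as an added example that is not part of the original posts: it takes a certificate in the dictionary format returned by Python's `ssl.SSLSocket.getpeercert()` and reports which SAN entries, if any, cover a hostname. The sample certificates and the function names are constructed for illustration; the Subject common name is deliberately ignored, as modern browsers do.

```python
def _labels(name):
    # DNS names compare case-insensitively; drop a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_entry_matches(entry, hostname):
    """Return True if one SAN dNSName entry covers hostname."""
    pattern, host = _labels(entry), _labels(hostname)
    if len(pattern) != len(host):
        # A wildcard stands in for exactly one label, so the label counts
        # must be equal: *.example.org never covers a.b.example.org.
        return False
    if pattern[0] == "*":
        # Wildcard as the whole left-most label: compare the remaining labels.
        return pattern[1:] == host[1:]
    # No wildcard (partial forms such as w*.example.org are not honoured here).
    return pattern == host


def covering_entries(cert, hostname):
    """List the SAN DNS entries in cert that cover hostname.

    cert uses the getpeercert() layout. Only subjectAltName is consulted;
    a name that appears only in the Subject common name does not count.
    """
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return [entry for entry in sans if san_entry_matches(entry, hostname)]


# Constructed sample certificates (getpeercert() layout, reserved example names).
SINGLE_DOMAIN = {
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "www.shop.example.com")),
}
WILDCARD = {
    "subject": ((("commonName", "*.example.org"),),),
    "subjectAltName": (("DNS", "*.example.org"),),
}
CN_ONLY = {"subject": ((("commonName", "legacy.example.org"),),)}

if __name__ == "__main__":
    for cert, host in [
        (SINGLE_DOMAIN, "shop.example.com"),   # the domain the cert was bought for
        (SINGLE_DOMAIN, "blog.example.net"),   # a second site on the same server
        (WILDCARD, "www.example.org"),
        (WILDCARD, "www.internal.example.org"),
        (CN_ONLY, "legacy.example.org"),
    ]:
        found = covering_entries(cert, host)
        print(f"{host}: {'covered by ' + ', '.join(found) if found else 'NOT covered'}")
```

An empty result for the second domain is the situation in the question: the certificate itself is in date and correctly signed, but none of its names match the host being visited.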