Why is my valid SSL certificate invalid on a particular site with the same host?

http https ssl ubuntu apache2

I have hosting set up with HostEurope. My SSL certificate seems to be valid (it has not expired etc.) and it works for one the domains I use on my server (the SSL certificate was purchased for this domain). Recently I set up another site with a different domain on the same server and supplied the same SSL certificate as HostEurope tells me it's possible to use my certificate as 'global', i.e. for all domains on the server which I have attempted to do.

When I go to this site, I can see the SSL certificate is being supplied, however I am told it is invalid, yet when I check the certificate, it says it is valid (see the images below).

See here, it appears 'invalid'

See here, it appears 'valid'

The 'common name' is the URL of the other site which the SSL certificate works without issue.

Thanks


SSL certs are issued on either a single-domain, wildcard, or multi-domain basis.

We can't see the details of your certificate but it probably is single-domain, or the second domain is not listed in the "Subject Alternative Name" field. Check Stack Exchange's cert. It is a wildcard multi-domain certificate, that's issued to CN = *.stackexchange.com, but has several Alternative Names, for each of the communities: General details of SE's SSL certificate. Alternative Names listing in SE's SSL certificate..

Check whether your certificate covers the second domain you intend to use it on.


I'm not sure what HostEurope mean by 'global', but a certificate binds a name to a public key. Those names, along with the public key, are embedded within the certificate, which the CA then signs as a true statement.

Names within certificates are expected to be in the Subject Alternate Name (SAN) extension. It used to be expected in the Subject field, but modern browsers don't look there any more. You therefore need all the names that your certificate needs to be valid for listed in the SAN extension.

The only exception is a wildcard certificate, where a wildcard (*) can stand in for any hostname within the domain. For example, a SAN entry of *.example.org is valid for any host in example.org, but this only works for one level. That is, it is valid for www.example.org, bu not valid for www.internal.example.org.

Related

Configuring STONITH on non-shared disk cluster
Destination NAT onto the Same Network in AWS using IPTables
Send messages between 2 Ubuntu PCs (Net Send Style)
Why am I getting "Permission denied: make_sock: could not bind to address" when starting Apache2?
Startup Disk Creator not recognizing selected ISO in 13.10
How to record the screen and webcam at the same time?
Update Launcher for Intellij IDEA in Ubuntu
What is the difference between "more" and "less" commands?
Why does mariadb keep dying? How do I stop it?
Script or function to return how many days from now until a given date
Decompressing multiple files at once
Viber appears huge - Kubuntu 16.04