Why does IE think that my certificate is invalid?

I have my chained certificate from Dreamhost set up and working for all browsers. I have 2 sites with 2 certs from dreamhost, example.com and sub.example.com.

All browsers are fine with the certs on both sites, except IE6, 7, and 8 (on XP, haven't tried other OSes). IE is fine with example.com, but it thinks that sub.example.com is trying to use the example.com cert.

Looking at the fingerprints in Firefox 3, Firefox is using the right cert for each domain. Looking at the fingerprints in IE, it's using the example.com cert and not the sub.example.com cert. (this part is really weird to me -- IE is going out of its way to go up a domain level and get the wrong cert?)

I'm using nginx.

Let me know if you'd like any more info. Thanks!


Solution 1:

Just figured this out -- I forgot to give the subdomain its own IP address.

More info:

http://nginx.org/en/docs/http/configuring_https_servers.html#sni

http://en.wikipedia.org/wiki/Server_Name_Indication