Results 1 to 7 of 7

Thread: How to create SSL certificate with multiple Common Names

  1. #1
    Mr Spock is offline Junior Member
    Join Date
    Jan 2008
    Location
    Rio de Janeiro, Brasil
    Posts
    6
    Rep Power
    7

    Default How to create SSL certificate with multiple Common Names

    Hi!

    I'm new here, have deployed my first test server last week using the FOSS edition and I think Zimbra is a very good messaging solution!

    Now, I have a problem here, have searched the forums, asked Google, but haven't found anything yet...

    My server has a hostname as mail.example.org, so the automatically generated SSL certs have this FQDN as it's Common Name.

    But it like to give this server other CNAME's in my DNS setup, things like imap.example.org, pop3.example.org and smtp.example.org.

    But when I try this, my browser or mail client complains (obviously), as the cert CN is different from the name I'm using to access the server.

    So, I'd like to know how I can create my SSL certs with all the names I want to give to my server.

  2. #2
    mackoftrack's Avatar
    mackoftrack is offline Special Member
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    6

    Default Same question

    I'm bumping this. I have the same problem. Actually, all I really need to do is *change* the CN. Can this be done with a self-signed cert? I am really not interested in shelling out extra cash for a "commercial" cert. And I'm having trouble with browsers giving popups even after installing my cert. I assume this is due to mismatched hostnames.

    Anyone?

    Thanks

  3. #3
    tuanta's Avatar
    tuanta is offline Active Member
    Join Date
    Feb 2008
    Location
    Hanoi
    Posts
    42
    Rep Power
    7

    Default

    You should reinstall the self-signed certificate, select "Replace the existing CSR" and add all your hostnames into "Subject Alternative Name".

    Hope this helps.
    Kind Regards,
    Tuan

    Official website: http://www.iwayvietnam.com/
    Weblog: http://blog.iwayvietnam.com/tuanta/
    -----

    Zimbra is the best ever FOSS I've worked with.

  4. #4
    mackoftrack's Avatar
    mackoftrack is offline Special Member
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    6

    Default

    Quote Originally Posted by tuanta View Post
    You should reinstall the self-signed certificate, select "Replace the existing CSR" and add all your hostnames into "Subject Alternative Name".

    Hope this helps.
    I've done that, but IE7 still doesn't play nice. Anything else I can try? I'm already looking at DigiCert...

    - Rafi

  5. #5
    tuanta's Avatar
    tuanta is offline Active Member
    Join Date
    Feb 2008
    Location
    Hanoi
    Posts
    42
    Rep Power
    7

    Default

    I tested with IE6, IE7 and Firefox.
    I think you were still wrong at the step adding all hostnames in to "Subject Alternative Name". This list should include the primary hostname of the ZCS.

    However, please drop me an email to tuanta@iwayvietnam.com if you need any more support.
    Kind Regards,
    Tuan

    Official website: http://www.iwayvietnam.com/
    Weblog: http://blog.iwayvietnam.com/tuanta/
    -----

    Zimbra is the best ever FOSS I've worked with.

  6. #6
    nenicita is offline Starter Member
    Join Date
    Nov 2009
    Posts
    1
    Rep Power
    5

    Default the same question

    when i create a open ssl certificate does not show me the option for alternative domain, i need to have this because my server has an alias mydomain.com my common name is MyDomain | Domain Names, Web Hosting, and Free Domain Services and when somebody try to use https://mydomain.com have an error that says ssl_error_bad_cert_domain and the cert is register just for MyDomain | Domain Names, Web Hosting, and Free Domain Services, please if you can say me this more detailed how to generate this certificate with both of my domains
    Thanks

  7. #7
    tuanta's Avatar
    tuanta is offline Active Member
    Join Date
    Feb 2008
    Location
    Hanoi
    Posts
    42
    Rep Power
    7

    Default

    Hi nenicita,

    You need only one SSL certificate for the server which recognized as multiple common names, don't you?

    You should consider to buy a "Wizard" SSL cert like this: True BusinessID Wildcard SSL Certificates - GeoTrust

    Please do not hesitate to contact me (post to this forum or send me a private message/email) if you need any further assistance.

    Rgds,
    Tuan
    Kind Regards,
    Tuan

    Official website: http://www.iwayvietnam.com/
    Weblog: http://blog.iwayvietnam.com/tuanta/
    -----

    Zimbra is the best ever FOSS I've worked with.

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Certificate Change Kicks Moto Q off of SSL Synch
    By theasbcguy in forum Zimbra Mobile
    Replies: 3
    Last Post: 04-14-2008, 12:01 PM
  3. 5.01 GA Create certificate ?
    By woeper in forum Installation
    Replies: 1
    Last Post: 01-25-2008, 12:05 AM
  4. Self-Signed SSL Certificate Causing Crash
    By VxJasonxV in forum Administrators
    Replies: 1
    Last Post: 12-06-2007, 01:24 PM
  5. Replies: 1
    Last Post: 11-05-2007, 06:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •