List:       apache-httpd-users
Subject:    Re: [users@httpd] How to deal with www and non-www domain names with one certificate?
From:       Adam Powell <adam () adaminfinitum ! com>
Date:       2020-02-05 10:55:17
Message-ID: CALsiKnN_cCoVx__D5Pth4HwFG7wY8jzGGKDEwzDgRqucmoiL3g () mail ! gmail ! com

Hi Ed,
When I am setting up a server or virtual host, I start with this:
https://github.com/h5bp/html5-boilerplate/blob/master/dist/.htaccess

That's the configuration file from a project that is intended to jumpstart
web development projects and set smart defaults. It is well documented,
particularly with inline comments.

I believe the default configuration is what you're describing but if you
need to make adjustments you can just comment or uncomment the appropriate
settings for your use case.

I then use Certbot <https://certbot.eff.org/> to generate an SSL
certificate that covers both the naked domain and the www subdomain (and
any other subdomains).

These 2 documents outline how to set up the configuration files:
https://httpd.apache.org/docs/2.4/configuring.html
https://httpd.apache.org/docs/2.4/sections.html

My suggestion would be to use the code in the HTML5 Boilerplate (the first
link) but do so in your main config file so that you avoid using
`.htaccess` files (and `AllowOverride` directives) altogether.

Another tool you might find useful is the Mozilla SSL configuration
generator <https://ssl-config.mozilla.org/>

It looks like you shared both the public and private encryption keys when
you included the SSL certificates so you should generate new
keys/certificates.

Hope that helps.

-Adam Powell
Founder, ADA First <https://www.adafirst.org/>

On Tue, Feb 4, 2020 at 1:03 PM edflecko . <edflecko@gmail.com> wrote:

> I don't understand how to deal with forcing all connections to
> www.sierraprogress.org to simply sierraprogress.org, forcing all
> connections to my website with https, and using only one certificate per
> domain name?
>
> Here's my unique server information:
> CentOS 7
> Server version: Apache/2.4.41 (codeit)
> OpenSSL 1.1.1c
>
> 1.) Forcing all connections to www.domainname.com to domainname.com is
> best done with a rewrite rule, isn't it? I've found some examples online,
> but I don't know if one is better than the others?
>
> RewriteEngine On
> RewriteCond %{HTTPS} off [OR]
> RewriteCond %{HTTP_HOST} ^www\. [NC]
> RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
> RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
>
> RewriteEngine On
> RewriteBase /
> RewriteCond %{HTTP_HOST} ^([^.]+)\.sierraprogress\.org$ [NC]
> RewriteRule ^(.*)$ https://sierraprogress.org/$1 [R=301,L]
>
> RewriteEngine On
> RewriteCond %{HTTP_HOST} ^sierraprogress\.org$ [NC]
> RewriteRule ^ https://www.sierraprogress.org%{REQUEST_URI} [R=301,L]
>
> RewriteEngine on
> RewriteCond %{HTTP_HOST} ^www.sierraprogress.org
> RewriteRule (.*) https://sierraprogress.org/$1 [R=301,L]
>
> Since I want ALL websites that this server will host to remove the www AND
> be https connections, maybe the first example is best?
>
> Do I just place this code snippet in my httpd.conf file?
>
> 2.) Here's my sierraprogress.org.conf file:
>
> <VirtualHost *:80>
>     ServerName sierraprogress.org
>     ServerAlias www.sierraprogress.org
>     DocumentRoot /var/www/sierraprogress.org/public_html
>     <Directory /var/www/sierraprogress.org/public_html>
>         Options -Indexes +FollowSymLinks
>         AllowOverride All
>     </Directory>
>     ErrorLog /var/www/sierraprogress.org/error.log
>     CustomLog /var/www/sierraprogress.org/requests.log combined
> </VirtualHost>
>
> <VirtualHost *:443>
>     DocumentRoot /var/www/sierraprogress.org/public_html
>     Protocols h2 h2c http/1.1
>     ServerName sierraprogress.org
>     ServerAlias www.sierraprogress.org
>     <Directory /var/www/sierraprogress.org/public_html>
>         Options -Indexes +FollowSymLinks
>         AllowOverride All
>     </Directory>
>     ErrorLog /var/www/sierraprogress.org/error.log
>     CustomLog /var/www/sierraprogress.org/requests.log combined
>     SSLEngine on
>     SSLCertificateFile /etc/httpd/ssl/sierraprogress.crt
>     SSLCertificateKeyFile /etc/httpd/ssl/sierraprogress.key
>     SSLCipherSuite HIGH:!aNULL:!MD5
> </VirtualHost>
>
> The one certificate I'm using (sierraprogress.crt) works fine for
> sierraprogress.org connections but, of course, will NOT work for
> www.sierraprogress.org connections because of the domain name mismatch.
> I've also tried using a wildcard certificate for *.sierraprogress.org
> (see below), but I couldn't get that to work at all.
>
> Suggestions on how to handle these issues?
>
> Thank you for your time and suggestions!
> Ed
>
> Certificate Decoder - https://www.sslshopper.com/certificate-decoder.html
>
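
Added example, not part of either message and not code from Apache or the HTML5 Boilerplate project: a Python model of why one certificate must list both names before a www to non-www redirect can work over HTTPS. The SAN lists are constructed to mirror the certificate situations described in the thread, all function names are hypothetical, and the wildcard matching is a simplified form of the RFC 6125 rules.

```python
import re

# Constructed SAN lists mirroring the certificate situations in the thread.
APEX_ONLY = ["sierraprogress.org"]
WILDCARD_ONLY = ["*.sierraprogress.org"]
BOTH_NAMES = ["sierraprogress.org", "www.sierraprogress.org"]
# Names the vhost answers for (ServerName + ServerAlias in the posted config).
SERVED = ["sierraprogress.org", "www.sierraprogress.org"]


def san_matches(pattern, host):
    """Match one dNSName SAN entry against a hostname (simplified RFC 6125).

    A wildcard counts only as the whole left-most label and stands for
    exactly one label: "*.example.org" covers "www.example.org" but not
    "example.org" and not "a.b.example.org".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least "*.domain.tld"; compare everything right of the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_names(san_entries, served_names):
    """Served hostnames that no SAN entry covers (each one is a browser warning)."""
    return [n for n in served_names
            if not any(san_matches(s, n) for s in san_entries)]


def canonical_redirect(https, host, uri):
    """Model of the first rewrite block in the post; None means no redirect."""
    # RewriteCond %{HTTPS} off [OR]  /  RewriteCond %{HTTP_HOST} ^www\. [NC]
    if https and not re.match(r"^www\.", host, re.I):
        return None
    # RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]  ->  %1 is the bare host
    m = re.match(r"^(?:www\.)?(.+)$", host, re.I)
    # RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
    return f"https://{m.group(1)}{uri}" if m else None


def trace(san_entries, https, host, uri="/"):
    """Outcome of one request: certificate check first, redirect second."""
    if https and not any(san_matches(s, host) for s in san_entries):
        # The client validates the handshake before the 301 is ever read.
        return "name mismatch"
    target = canonical_redirect(https, host, uri)
    return "served" if target is None else f"301 {target}"


if __name__ == "__main__":
    cases = [("apex only", APEX_ONLY), ("wildcard only", WILDCARD_ONLY),
             ("both names", BOTH_NAMES)]
    for label, san in cases:
        print(label, "-> uncovered:", uncovered_names(san, SERVED))
        for https in (False, True):
            for host in SERVED:
                scheme = "https" if https else "http "
                print("   ", scheme, host, "=>", trace(san, https, host))
```

To run the same check against a real certificate, take the SAN list from the output of `openssl x509 -in <cert> -noout -text`.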
