1

I have a rails application up on a linode ubuntu 11 server, running apache2. I have a cert purchased from godaddy, (where we also bought our domain) and the cert is installed on my server.

Part of my virtual host file:

ServerName my_site.com
ServerAlias www.my_site.com

SSLEngine On
SSLCertificateFile      /path/my_site.com.crt
SSLCertificateKeyFile   /path/my_site.com.key
SSLCertificateChainFile /path/gd_bundle.crt

The cert works fine in Chrome, FireFox and IE 9+ but in IE 8- I get this error:

There is a problem with this website's security certificate.

The security certificate presented by this website was 
issued for a different website's address.

I'm hosting multiple rails apps on this same server (4 right now plus some old php sites that don't need ssl).

I have tried googling every possible combination of the error/situation that I could think of but at this point I'm shooting in the dark. The closest I could come up with is that some versions if IE don't support SNI. But that doesn't apply here because I am getting the warning on windows 7 machines running IE 8, and the SNI only seemed to apply to IE 8 if the operating system was windows XP.

So why is this cert being accepted by all browsers but giving me a warning in IE 8?

Edit:

So doing a little more digging and I figured out some more. It turns out this is effecting IE 9 as well. However the problem seems to be that IE is not traversing the ssl chain to get to the right cert. FireFox and Chrome when I go to view certificate show the correct one, but IE is showing one of our other sites certificates.

REAL QUESTION HERE:

That being the case why is IE not getting the right certificate when others are and how do I fix it?

Ryan
  • 172
  • 8
  • view the certificate details in IE8 (Safety>security report>view cert), does it show (as it claims) that the certificate is for a different hostname than the actual site? I've seen problems like this with Chrome very often in the past, it would show a bad cert on a site that was fine (even gmail for example), then the next day it would be back green. – user16081-JoeT Nov 07 '12 at 21:09
  • @user16081 I'll check, but its been a problem for weeks, hence my frustration and question here. I've run into similar things to what you describe, I only wish this was one of those times! – Ryan Nov 07 '12 at 21:12
  • @user16081 based on my edit do you have any suggestions ? – Ryan Nov 07 '12 at 21:45
  • 1
    are you using a single ip address for multiple sites? Or is there some kind of load balancing going on? – user16081-JoeT Nov 07 '12 at 22:52
  • @user16081 we are using a single ip address set up with multiple named virtual hosts – Ryan Nov 07 '12 at 23:47
  • I'm sure that has something to do with it, but I have no idea how you'd fix that - I have each of my secure sites on its own ip address. not sure if browser support for SNI is coming into play? http://en.wikipedia.org/wiki/Server_Name_Indication#Browsers_with_support_for_TLS_server_name_indication.5B5.5D – user16081-JoeT Nov 08 '12 at 15:10
  • Does checking the site with SSL Labs give the warning message [This site works only in browsers with SNI support](http://serverfault.com/q/449369/39133)? – TRiG Feb 06 '14 at 04:22

0 Answers0