3

I am new to SSL certification, and have just purchased a standard SSL certificate for a single sub-domain; however, when my server administrator installed it using cPanel on the main domain, HTTPS requests claim that the common name of the SSL certificate is wrong and that it is *.bluehost.com.

When my server administrator contacted bluehost about this, they claimed that it was only possible to install SSL certificates on subdomains if we purchase a wildcard SSL certificate.

This disagrees with what I have found here, and so I am unsure about what my next steps should be.

  • In my opinion, if you would like to get more folks to help, you need to pose the technical problem you are trying to solve. For example, most certs are signed as the naked domain and "www". What are you trying to use it with? – Aaron Feb 06 '16 at 17:10
  • @Aaron So, I have purchased an SSL certificate for `saneco.enactussouthampton.com`, and it is verified etc. The administrator for `enactussouthampton.com` installed it on the server using the cPanel and instructions here (https://uk.godaddy.com/help/installing-ssl-certificates-on-your-cpanelwhm-server-5240). However, if I now try to access `https://saneco.enactussouthampton.com` it tells me that there is a common name error on the certificate. – Thomas Russell Feb 06 '16 at 17:15
  • The cert is not installed on the IP that name points to. That is using `*.bluehost.com` and `bluehost.com`. – Aaron Feb 06 '16 at 17:21
  • You may want to use [Qualys](https://www.ssllabs.com/ssltest/index.html) and [SSLShopper](https://www.sslshopper.com/ssl-checker.html) to validate they have installed the cert correctly each time they make a change. Anyway, to answer your question, you do not need a wildcard cert unless your cert is not also signed with saneco. If it is just the naked domain and www, you would need a different cert **or** a wildcard cert. – Aaron Feb 06 '16 at 17:23

1 Answer

1

Do I need a wildcard cert

You would need a wildcard certificate if you planned on using multiple records with a single certificate. Typically, a non-wildcard cert will be signed with the naked domain and one other name you choose. The default is usually "www". Each CA is a little different in the manner they present these options.

If you are planning on using that certificate with "www" and the name you have mentioned in the comments, then you would indeed need a wildcard cert.

If you are only using that one name or the naked domain with the cert you purchased and the cert contains that name, then perhaps they are doing something incorrect on their end, or there is a miscommunication occurring. If either party is lacking coffee, this can happen.

In your case, I cannot clearly answer this just yet, as the cert being presented on the name you mentioned is for the ISP. Perhaps they are using SNI, in which case the default cert could be for their site and this would be expected.

This thread offers great insight into this question as well. You may also want to read up on how to validate your SSL certificate using OpenSSL so that you can be sure what you purchased contains the name of your site.

Aaron
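The name check a TLS client performs, as an added example (not part of the original answer or of any hosting provider's tooling): it shows why the `*.bluehost.com` certificate fails for the sub-domain while a single-name certificate for it passes. The certificate name lists are constructed from the names mentioned on this page, and the matcher is a simplified form of the RFC 6125 wildcard rules.

```python
# Added example: which certificate name sets cover a given hostname.
# Name lists are constructed from names mentioned on this page.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def name_matches(pattern, hostname):
    """True if one certificate name (SAN dNSName or CN) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands in for exactly one label
    if p[0] == "*":
        # Wildcard honoured only as the whole left-most label.
        # Simplification: require at least two labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h  # no wildcard: every label must be identical

def covering_names(cert_names, hostname):
    """Return the certificate names that cover hostname (empty = mismatch)."""
    return [n for n in cert_names if name_matches(n, hostname)]

HOST = "saneco.enactussouthampton.com"

# Constructed name sets for the four situations discussed in the thread.
CERTS = {
    "host default (what the server presents)": ["*.bluehost.com", "bluehost.com"],
    "single-name cert for the sub-domain": ["saneco.enactussouthampton.com"],
    "naked domain + www": ["enactussouthampton.com",
                           "www.enactussouthampton.com"],
    "wildcard cert": ["*.enactussouthampton.com", "enactussouthampton.com"],
}

def report(hostname=HOST):
    """Map each constructed certificate to True/False for hostname."""
    return {label: bool(covering_names(names, hostname))
            for label, names in CERTS.items()}

if __name__ == "__main__":
    for label, ok in report().items():
        print(f"{'OK      ' if ok else 'MISMATCH'}  {label}")
```

A certificate listing the sub-domain itself passes without any wildcard; the mismatch in the question comes from the server presenting its default certificate rather than the purchased one.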