Wildcard SSL from Letsencrypt - Ok, but CN still “domain.com” not “*.domain.com”

Time:09-13

SYSTEM INFORMATION
OS type and version: CentOS Linux 7.5.1804
Webmin version: [1.998]
Virtualmin version: [7.1]

I installed a wildcard SSL certificate from Letsencrypt but in the browser when verifying the certificate it shows CN = “domain.com” not “*.domain.com”. What do I need to do, what settings to enter in order to display the correct wildcard certificate? Thanks!

CodePudding user response:

The server is not properly configured. TLS works with IPv4 for both 2much.info and bauhaus.2much.info. For IPv6 though there is no address with 2much.info but there is one for bauhaus.2much.info. Only, TLS is not enabled here, it returns instead plain HTTP on port 443.

IPv6 capable clients will usually prefer IPv6 to IPv4. The attempt of using Opera without VPN might be done in an IPv4 environment, so the working IPv4 address is used. When using the VPN though other systems will access the target and these might be IPv6 enabled - in which case the access fails.

This can also be seen in an IPv6 capable environment. It is working with IPv4:

$ openssl s_client -connect bauhaus.2much.info:443 -4
...
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

But failing with IPv6:

$ openssl s_client -connect bauhaus.2much.info:443 -6
CONNECTED(00000003)
140692571469632:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:
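
The per-address-family check from the answer above, as an added Python example that is not part of the original post. It attempts a verified handshake on IPv4 and IPv6 separately and lists the certificate's SAN DNS names, so a wildcard entry can be checked on each address; `classify_first_bytes`, `handshake` and `probe` are names chosen here, and the classifier is a helper for captured reply bytes showing why a plain HTTP answer on port 443 cannot be parsed as a TLS record.

```python
import socket
import ssl
import struct

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a server sends on port 443."""
    if len(data) < 5:
        return "too-short"
    ctype, major, minor, _length = struct.unpack("!BBBH", data[:5])
    # A TLS record starts with content type 20-23 and version 3.x.
    if ctype in (20, 21, 22, 23) and major == 3 and minor <= 4:
        return "tls"
    # "HTTP/" read as a record header gives type 0x48, version 0x5454.
    if data.startswith(b"HTTP/"):
        return "plain-http"
    return "unknown"

def handshake(family, sockaddr, server_name, timeout=5.0):
    """Try a verified TLS handshake against one specific address."""
    ctx = ssl.create_default_context()
    try:
        with socket.socket(family, socket.SOCK_STREAM) as raw:
            raw.settimeout(timeout)
            raw.connect(sockaddr)
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                cert = tls.getpeercert()
                sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                return f"{tls.version()} SAN={sans}"
    except ssl.SSLError as exc:
        return f"TLS failed: {exc.reason}"
    except OSError as exc:
        return f"connect failed: {exc}"

def probe(host, port=443):
    """Check IPv4 and IPv6 separately, like `openssl s_client -4` / `-6`."""
    results = {}
    for family, label in ((socket.AF_INET, "IPv4"), (socket.AF_INET6, "IPv6")):
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror:
            results[label] = "no address"
            continue
        results[label] = handshake(family, infos[0][4], host)
    return results

if __name__ == "__main__":
    import sys
    for label, outcome in probe(sys.argv[1]).items():
        print(f"{label}: {outcome}")
```

Run it with the hostname as the only argument; differing results for IPv4 and IPv6 point to a virtual host that is missing its TLS configuration on one address.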