Ssl – New SSL Certificate Installation Errors on

apache-2.2godaddysslssl-certificateweb-server

We replaced an old SSL certificate with a new wildcard SSL certificate from GoDaddy. We switched out this certificate last week and have been receiving calls from customers trying to register ever since about the following error.

enter image description here

We cannot figure out what on earth is going on as we have tested this cert in IE 6,7,8, Chrome, & Firefox without receiving any errors, but we know there is a problem as we continue to get calls. For the record, we do have multiple SSL certificates installed on this box, but are using separate IP addresses to serve them up.

Any help or ideas would be greatly appreciated.

Thank you,

Best Answer

$ curl -Iv https://classes.stcharleshealthcare.org/
* About to connect() to classes.stcharleshealthcare.org port 443 (#0)
*   Trying 67.59.90.121... connected
* Connected to classes.stcharleshealthcare.org (67.59.90.121) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: serialNumber=ESKZZ-OSKRZAHAnZ8ssPXoULbrv1/Obw; C=US; ST=Oregon; L=Bend; O=St. Charles Medical Center; OU=GT14856843; CN=*.scmc.org
*    start date: 2010-10-10 19:25:39 GMT
*    expire date: 2012-01-13 10:20:49 GMT
*    subjectAltName does not match classes.stcharleshealthcare.org
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
* SSL peer certificate or SSH remote key was not OK
curl: (51) SSL peer certificate or SSH remote key was not OK

So, the DNS for classes.stcharleshealthcare.org is going to a server that is presenting the SSL cert for *.scmc.org. Check your DNS and/or your virtual host definitions in Apache.

Related Topic