At Sky, I came across a problem with my dev virtual machine, so thought I would share my woes.
For whatever reason, IE8 doesn’t like self-signed wildcard ssl certificates. The SSL certificate I had was *.dev (for mvegas.bd.dev and identity.bd.dev) – IE8 refused to acknowledge the certificate until I created a new openssl multi-domain certificate. To do that:
- create the certificate with mvegas.xx.dev
- create the *.csr and the *.key files as usual
before generating the *.crt file, create a *.cnf file with the following:
subjectAltName=DNS:mvegas.xx.dev,DNS:identity.xx.dev
when generating the *.crt file, append the –extfile flag:
openssl genrsa -out ca.key 1024
- openssl req -new -key ca.key -out ca.csr
- echo “subjectAltName=DNS:mvegas.xx.dev,DNS:identity.xx.dev” > ca.cnf
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt -extfile ca.cnf
cp ca.key /etc/pki/tls/private/ca.key
- cp ca.csr /etc/pki/tls/private/ca.csr
cp ca.crt /etc/pki/tls/certs
service httpd restart
Hope that helps someone 🙂