At Sky, I came across a problem with my dev virtual machine, so thought I would share my woes.

For whatever reason, IE8 doesn’t like self-signed wildcard ssl certificates. The SSL certificate I had was *.dev (for mvegas.bd.dev and identity.bd.dev) – IE8 refused to acknowledge the certificate until I created a new openssl multi-domain certificate. To do that:

• create the certificate with mvegas.xx.dev
• create the *.csr and the *.key files as usual

• before generating the *.crt file, create a *.cnf file with the following:

  subjectAltName=DNS:mvegas.xx.dev,DNS:identity.xx.dev
  

• when generating the *.crt file, append the –extfile flag:

• openssl genrsa -out ca.key 1024

• openssl req -new -key ca.key -out ca.csr
• echo “subjectAltName=DNS:mvegas.xx.dev,DNS:identity.xx.dev” > ca.cnf

• openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt -extfile ca.cnf

• cp ca.key /etc/pki/tls/private/ca.key

• cp ca.csr /etc/pki/tls/private/ca.csr

• cp ca.crt /etc/pki/tls/certs

• service httpd restart

Hope that helps someone 🙂