Monthly Archives: April 2013

IE8 Self Sign Certificate Issue with Wildcard Domains

At Sky, I came across a problem with my dev virtual machine, so thought I would share my woes.

For whatever reason, IE8 doesn’t like self-signed wildcard SSL certificates. The SSL certificate I had was *.dev (for mvegas.bd.dev and identity.bd.dev) – IE8 refused to acknowledge the certificate until I created a new OpenSSL multi-domain certificate. To do that:

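  • create the certificate with mvegas.xx.dev
  • create the *.csr and the *.key files as usual
  • before generating the *.crt file, create a *.cnf file with the following:

    subjectAltName=DNS:mvegas.xx.dev,DNS:identity.xx.dev

  • when generating the *.crt file, append the -extfile flag

The full sequence of commands:

    # private key (1024-bit RSA is short by current standards; use 2048 or more outside a throwaway dev VM)
    openssl genrsa -out ca.key 1024

    # certificate signing request
    openssl req -new -key ca.key -out ca.csr

    # extension file listing every hostname the certificate must cover (plain ASCII quotes)
    echo "subjectAltName=DNS:mvegas.xx.dev,DNS:identity.xx.dev" > ca.cnf

    # self-sign the request, pulling the subjectAltName extension in via -extfile
    openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt -extfile ca.cnf

    # install the files where httpd expects them, then restart
    cp ca.key /etc/pki/tls/private/ca.key
    cp ca.csr /etc/pki/tls/private/ca.csr
    cp ca.crt /etc/pki/tls/certs
    service httpd restart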
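If the -extfile flag is left off, the certificate is still issued but carries no subjectAltName, so it is worth checking the result before installing it. The script below is an added example, not part of the original post: it repeats the steps above in a scratch directory and confirms each hostname is listed. The function names, the dev.* file names and the 2048-bit key are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build a self-signed certificate with SAN entries in a scratch
# directory, then confirm the extension actually landed in the certificate.
# Hostnames are the post's; file names and the 2048-bit key are assumptions.

# make_san_cert DIR CN NAME... -> writes DIR/dev.key, dev.csr, dev.cnf, dev.crt
make_san_cert() {
    dir=$1; cn=$2; shift 2
    san=""
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    printf 'subjectAltName=%s\n' "$san" > "$dir/dev.cnf"
    openssl genrsa -out "$dir/dev.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/dev.key" -subj "/CN=$cn" -out "$dir/dev.csr" &&
    openssl x509 -req -days 365 -in "$dir/dev.csr" -signkey "$dir/dev.key" \
        -out "$dir/dev.crt" -extfile "$dir/dev.cnf" 2>/dev/null
}

# cert_sans CRT -> prints one SAN entry per line, e.g. "DNS:mvegas.xx.dev"
# Prints nothing when the certificate has no subjectAltName extension.
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

# cert_covers CRT NAME -> exit 0 only if NAME is listed as a DNS SAN entry
cert_covers() {
    cert_sans "$1" | grep -Fxq "DNS:$2"
}

workdir=$(mktemp -d)
make_san_cert "$workdir" mvegas.xx.dev mvegas.xx.dev identity.xx.dev
for host in mvegas.xx.dev identity.xx.dev other.xx.dev; do
    if cert_covers "$workdir/dev.crt" "$host"; then
        echo "$host: listed in subjectAltName"
    else
        echo "$host: NOT listed"
    fi
done
```

The same `cert_covers` check can be pointed at the installed /etc/pki/tls/certs/ca.crt before restarting httpd.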

Hope that helps someone 🙂
