Web Server certificate question

Lou Picciano loupicciano at comcast.net
Tue Mar 24 11:02:43 EDT 2015


Jim, 

This is generally a constraint effected/controlled by the Certificate Authority. Generally speaking, the FQDN must match precisely the CN (Common Name) of the issued (sub-) certificate. You'd likely want to issue a server cert of the format myserver.JimsDomain.com. It's a common that a directly IP-addressed server would get choked on. 

This is all controlled by the 'rules' your issuing CA builds into its signing process - as well as any you determine, if you're issuing your own certs - as we do. 

Lou Picciano 

----- Original Message -----

From: "Jim Pistrang" <jim at jpcr.com> 
To: "Omnis List Mail" <omnisdev-en at lists.omnis-dev.com> 
Sent: Tuesday, March 24, 2015 10:50:52 AM 
Subject: Web Server certificate question 

Hi all, 

This isn't exactly an Omnis question, but it is related. Hope someone can help. 

I have an Omnis Javascript application running on a client site. The app is running on a Mac OS X Server inside their firewall. The app can be run from outside their firewall via a secure port in their firewall. When I do this, the url looks like this: 
<https://12.345.67.89:5922/rfMyApp.htm> 
In the above example, 12.345.67.89 is the IP address of the firewall, and port 5922 is a secure port opened to the server. Apache is listening on this port. 

This all works perfectly well, except that users get a warning saying that the site may not be secure. My client has asked that I purchase a trusted certificate for the site. I have done the following: 

1) Gave the server a host name of jimsdomain.com 
2) Registered jimsdomain.com and purchased a trusted certificate. [note: the domain name is not associated with an IP address] 
3) Added the certificate in Server Manager on the server, and it shows up as valid 

BUT - I still get warning messages in my browser when I access the app, since the url that I type in <https://12.345.67.89:5922/rfMyApp.htm> does not match the certificate name 'jimsdomain.com' 

Is there a way to do this? Do I need to install a certificate on the firewall? 

Jim 

-- 
Jim Pistrang 
JP Computer Resources 
413-256-4569 
<http://www.jpcr.com> 


_____________________________________________________________ 
Manage your list subscriptions at http://lists.omnis-dev.com 




More information about the omnisdev-en mailing list