If your site is protected by a wildcard server certificate with a common name such as CN=*.mycompany.com, and its SAN (Subject Alternative Name) X.509 attribute contains the values *.mycompany.com and mycompany.com, then the certificate will cause a browser warning when it protects sites that have a different domain depth, for example "site1.us-east-1.mycompany.com" or "site2.us-west-1.mycompany.com". Because the CA signed the server certificate for *.mycompany.com, and the wildcard stands for a single label only, the depth of the site name must match that of the certificate issued.
Two options are available to you:
- Reissue the server certificate and ask the CA to add "site1.us-east-1.mycompany.com" and "site2.us-west-1.mycompany.com" explicitly to the SAN attribute of the server certificate.
(OR)
- Modify your Route53 record set to match the depth of the certificate that was originally issued. For example, "site1.us-east-1.mycompany.com" will need to be modified to "site1-us-east-1.mycompany.com" and "site2.us-west-1.mycompany.com" to "site2-us-west-1.mycompany.com".
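
The depth rule and both options can be checked before changing DNS or requesting a reissue. The following is an added example, not part of the original post: a simplified Python matcher for SAN dNSName entries (the names san_matches, covered and audit are hypothetical, and it ignores IDN and partial-label wildcards) run against the hostnames used above.

```python
# Added example: single-label wildcard matching for SAN dNSName entries.
# Function names are hypothetical; hostnames are the ones used in the post.

def san_matches(hostname, pattern):
    """Return True if hostname is covered by one SAN dNSName pattern.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so it never spans a dot.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):  # different domain depth: no match
        return False
    if pat[0] == "*":
        # Conservative choice for this example: require at least two fixed
        # labels after the wildcard, and a non-empty label in its place.
        return len(pat) >= 3 and host[0] != "" and host[1:] == pat[1:]
    return host == pat


def covered(hostname, san):
    """True if any SAN entry covers the hostname."""
    return any(san_matches(hostname, p) for p in san)


def audit(hostnames, san):
    """Map each hostname to True (covered) or False (browser would warn)."""
    return {h: covered(h, san) for h in hostnames}


# SAN values of the wildcard certificate described above.
WILDCARD_SAN = ["*.mycompany.com", "mycompany.com"]
# Option 1: the CA reissues the certificate with the deeper names added.
REISSUED_SAN = WILDCARD_SAN + [
    "site1.us-east-1.mycompany.com",
    "site2.us-west-1.mycompany.com",
]

if __name__ == "__main__":
    names = [
        "site1.us-east-1.mycompany.com",  # original record, one level too deep
        "site1-us-east-1.mycompany.com",  # option 2: flattened Route53 name
    ]
    for label, san in (("wildcard", WILDCARD_SAN), ("reissued", REISSUED_SAN)):
        for name, ok in audit(names, san).items():
            print(f"{label:9} {name:32} {'covered' if ok else 'WARNING'}")
```

Running the same audit over every record in a hosted zone before a certificate rollout shows which names would trigger the warning.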