I'm using wild card certificate on F5 to offload SSL for my Web-Servers. Already upload wildcard certificate to F5 without any issue. Currently, when try access the url for my Web Server get the error on web browser:
The url that I´m trying is:
My certificate in my New Client-SSL profile is:
Common name: *.mydomain.com.br
Organization: MyDomain C.O.
Location: My CITY, MyState, MyCountry
Valid from Jan 01, 2019 to December 12, 2020
Encryption Issuer: MyCA-corp RSA CA 2019
Wildcard certificates don’t go more than one level.
So *.example.com will cover external.example.com but not *.external.example.com
You either need to move the domain to be directly under example.com or get another wildcard for *.external.example.com
I was going to say the same thing :)
Thanks it was the C.A told me, customer will issue new Cert.
Have you tried other browsers? I know there are some weird chrome bugs with this wanting alternative names and the like.
Can you paste your certificate key chain from your SSL profile (minus anything identifying oc)
Yes, for others Browsers:
Have you checked your cert? The actual cert is different from the cert you are providing.
Version: 3 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2
Not Before: Oct 17 07:13:06 2017 GMT
Not After : Dec 11 08:45:40 2020 GMT
Subject: OU=Domain Control Validated, CN=cc.sedoparking.com
X509v3 Subject Alternative Name:
Error tell everething you need
service.external.mydomain.com.br uses an invalid security certificate.
The certificate is only valid for cc.sedoparking.com.
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Update you cert to a valid one.
This is not my owner Cert... Thanks for your help
I am getting this cert while accessing https://service.external.mydomain.com.br,
If this is wrong cert, then you need to check where it is coming from.
Thanks for your Reply... the url https://service.external.mydomain.com.br, is a dummy url to post for customer privacity reason ;)
We found the solution, that already checked as correct answer on this post....
Many Thanks for you help
Self-signed certificates aren't trusted by browsers because they are generated by your server, not by a CA mybkexperience.