We have a server set up as SNI-only running on a single IP. We have an SSL-enabled website running as "blah.example.com" that uses a cert for "*.example.com". When we set up a second SSL site for "test.blah.example.com", Virtualmin linked the site to the "*.example.com" cert, which won't work because it's a second domain deep. We have a cert for "test.blah.example.com", but we have no way of applying it (through the GUI) to the site.
There are a few changes that I would be happy to see:
- The certificate linking process understands that a star cert should only be used for a domain of that depth. It should not be used for deeper subdomains.
- The ability to override/break the certificate linking that Virtualmin has done.
- The ability to prevent the automatic linking of certificates as a global Virtualmin setting.
The ability to break the certificate linking would also be useful in the case where you wanted to apply a cert for an alias. As of now, Virtualmin could link the certificate based on the parent domain, but you have no way of changing the cert (through the GUI) to a cert for the alias. Adding an alias is often our preference over "changing the domain" of the site.
Comments
Submitted by JamieCameron on Thu, 02/25/2016 - 23:47 Comment #1
Huh, I didn't realize that *.domain.com wouldn't match foo.bar.domain.com - we will fix that in the next release.
Regarding cert linkage, it should be automatically broken by Virtualmin when necessary, such as if the domain name changes, its owner changes, or the cert changes to one that no longer matches.
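
The matching rule this thread turns on, as an added example (not Virtualmin's code and not part of the original posts): a wildcard name covers exactly one left-most label, so a cert should only be linked to a site whose hostname it actually covers. The function names and the `CERTS` inventory are hypothetical; the hostnames are the ones from the report.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (exact or wildcard) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only the whole left-most label may be a wildcard, and at least two
        # further labels are required so "*.com" style names never match.
        if len(p_labels) < 3 or "*" in "".join(p_labels[1:]):
            return False
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # this sketch rejects partial wildcards like "f*.example.com"
    return p_labels == h_labels


def pick_cert(hostname: str, certs: dict):
    """Pick the cert to link to a site, or None if no cert covers it.

    certs maps a cert id to the list of names in that cert. A cert with an
    exact name for the host is preferred over one that matches by wildcard.
    """
    wildcard_hit = None
    for cert_id, names in certs.items():
        for name in names:
            if not name_matches(name, hostname):
                continue
            if not name.startswith("*."):
                return cert_id
            if wildcard_hit is None:
                wildcard_hit = cert_id
    return wildcard_hit


# Constructed inventory mirroring the situation in the report (assumption).
CERTS = {
    "star-example": ["*.example.com", "example.com"],
    "test-blah": ["test.blah.example.com"],
}

if __name__ == "__main__":
    for host in ("blah.example.com", "test.blah.example.com"):
        print(host, "->", pick_cert(host, CERTS))
```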