So, you’ve got your shiny new certificate, and your good old server. You’ve installed the certificate, chain or intermediate certificate, and all is nice and clean in Firefox, Chrome, Chromium, etc.
Then, your boss opens up his IE, and gets a certificate error – “not issued by trusted certificate authority” and/or “issued for a different website’s address”. Of course, that’s a major pain, as IE – however bad, buggy and crappy it is – still holds the majority of the browser market, as most computer users are incapable of installing a better browser.
If you’re sure that all works fine in Firefox and/or Chrome/Chromium, this might be an IE-specific bug (aka “feature“) that I also hit recently.
If you have several self-signed certificates on your server (who needs a signed one for private/admin sections?), and a signed certificate, IE somehow (I’m not really sure how?!) catches the first certificate with respect to the order in which the VirtualHosts are defined in Apache.
If this happens to be your private site/domain with a self-signed certificate, you’ll get the above error while accessing the domain with the signed certificate.
To solve this, make sure the VirtualHost definition for the site/domain with the signed certificate is included before the sites/domains with self-signed certificates.
To illustrate – suppose you have an admin.domain.com subdomain that points to your private admin panel, with a self-signed certificate. Now, you buy a signed certificate for www.domain.com, and install it as per the issuer’s instructions.
If your admin.domain.com vhost definition appears ahead of the www.domain.com vhost, you’ll get a “certificate error” in IE. If you move the admin.domain.com definition after the www.domain.com definition, the error will go away.
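A quick way to check the ordering, as an added example that is not part of the original post: Apache treats the first vhost defined for an address:port as the default, which is the certificate a client receives when it sends no hostname in the TLS handshake (no SNI). That the affected IE behaves this way is an assumption here; the certificate paths and the helper names `tls_vhosts`, `default_vhosts` and `shadowed` are made up for the illustration.

```python
import re

# Constructed sample: the broken ordering from the post, trimmed to the
# directives that matter. Certificate paths are placeholders.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName admin.domain.com
    SSLCertificateFile /etc/ssl/selfsigned/admin.crt
</VirtualHost>

<VirtualHost *:443>
    ServerName www.domain.com
    SSLCertificateFile /etc/ssl/certs/www.crt
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def _directive(body, name):
    m = re.search(rf"^\s*{name}\s+(\S+)", body, re.M | re.I)
    return m.group(1).strip('"') if m else None

def tls_vhosts(conf):
    """TLS vhosts in definition order as (address, ServerName, cert file)."""
    text = re.sub(r"^\s*#.*$", "", conf, flags=re.M)  # ignore commented-out lines
    out = []
    for addrs, body in VHOST_RE.findall(text):
        cert = _directive(body, "SSLCertificateFile")
        if cert is None:          # not a TLS vhost
            continue
        for addr in addrs.split():  # a vhost may list several addresses
            out.append((addr, _directive(body, "ServerName"), cert))
    return out

def default_vhosts(conf):
    """First TLS vhost per address:port, i.e. what a client without SNI gets."""
    first = {}
    for addr, name, cert in tls_vhosts(conf):
        first.setdefault(addr, (name, cert))
    return first

def shadowed(conf, public_name):
    """Addresses where public_name is defined but another vhost is the default."""
    defaults = default_vhosts(conf)
    return sorted({addr for addr, name, _ in tls_vhosts(conf)
                   if name == public_name and defaults[addr][0] != public_name})

if __name__ == "__main__":
    print(default_vhosts(SAMPLE_CONF), shadowed(SAMPLE_CONF, "www.domain.com"))
```

On a live server, `apachectl -S` prints the parsed vhost list and marks the default server for each address:port, which also accounts for Include ordering that this single-file parser does not follow.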
Yes, it’s just another WTF?! gift from MickeySoft™.
What happens in IE when you need to have 2+ signed certificates on a single server? No idea… Don’t even wanna know.