Long story short; you can only (reliably) use one SSL certificate per IP address. This is due to how SSL operates.
I'm guessing you are using Named Vhosts in Apache? For Apache to figure out the appropriate named vhost over HTTPS it first needs to establish an SSL handshake... so obviously it can't intelligently figure out which certificate to use. Hence using the default.
Your two main options are to either:
* Have a wildcard SSL (as you say, expensive)
* Get an additional IP address (pointed at the server) and send one of the domains from that IP
(SSL is a pain in the neck :P)
Cheers,
Tom
On 4 May 2012 13:03, Michael Peel
<michael.peel@wikimedia.org.uk> wrote:
Yes, it's a known issue that I haven't gotten to the bottom of yet. Basically we have two SSL certificates for the two subdomains, but the server assumes that one of them is the default one and uses that for all of the subdomains. I suspect we need to buy a wildcard SSL certificate to cover the whole of the wikimedia.org.uk domain, but we haven't done that yet because a) they're expensive and b) I'd like to investigate the problem more first to ensure that this would definitely fix the issue.
If anyone's particularly knowledgable about SSL certificates and their various nuances, please get in touch.
Thanks,
Mike
On 4 May 2012, at 12:58, Thomas Morton wrote:
> Hey all,
>
> Not sure who is responsible for this, or whether it is a known issue..
>
> but
donate.wikimedia.org.uk is throwing up a "Are you sure you want to visit this site" error (yup that red error page!) in Google Chrome due to an SSL certificate error.
>
> The certificate is signed for
directdebit.wikimedia.org.uk, not
donate.wikimedia.org.uk, so the browser considers it untrusted.
>
> Cheers,
> Tom
> _______________________________________________
> Wikimedia UK mailing list
> wikimediauk-l@wikimedia.org
> http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l
> WMUK: http://uk.wikimedia.org
_______________________________________________
Wikimedia UK mailing list
wikimediauk-l@wikimedia.org
http://mail.wikimedia.org/mailman/listinfo/wikimediauk-l
WMUK: http://uk.wikimedia.org