Join Log in
Score:0
Yasmeen Ali avatar Server

SSL Certificate for host poiting to CNAME

ng flag
Yasmeen Ali

Hi apologies if this has been asked before but i didn't find a clear cut example.

Lets assume the following scenario, I've a third party server, "sub.example.com" that has a CNAME pointing to a third party provider, "thirdparty.com".

Now when i access, "https://sub.example.com" i receive a certificate mismatch error as the certificate we're accessing is for "thirdparty.com". However, when i access "http://sub.example.com" i don't receive any error and the am redirected to the 3rd party provider. How do i go about installing a valid SSL certificate on "sub.example.com" provided i don't have access to "thirdparty.com" at all.

39
0 + 6
ssl
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
Web server is configured incorrectly; likely the correct certificate isn't configured properly. You can associate the host name with IP any way you want (CNAME, A, wildcard A and even wildcard CNAME), PKI won't bother unless you have IP directly in the SAN field of the certificate, which could hardly be your case. It only bothers to check whether the host name you use matches something in the certificate sent by the server you are communicating with, no matter how you managed to access it. To help further we need to see your, supposedly wrong, web server configuration.
0
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
And, if you don't have access to that web server "at all", we can't help, "at all". Then this is off topic on ServerFault. Ask the operators of "thirdparty.com" for the resolution, it's their duty.
1
Reply
Steffen Ullrich avatar
se flag
Steffen Ullrich
Does this answer your question? [How do I add an SSL certificate to a CNAME?](https://serverfault.com/questions/883983/how-do-i-add-an-ssl-certificate-to-a-cname)
0
Reply
Yasmeen Ali avatar
ng flag
Yasmeen Ali
Not really, some more context if this might be useful, the records are set something like, enterpiseenrollment.example.com CNAME EnterpriseEnrollment-s.manage.microsoft.com Microsoft won't help me and won't provide any resources i can refer to. Just to clarify, the Microsoft subdomain has a valid SSL certificate of its own. I can't figure out how to include my subdomain "sub.example.com" in this certificate or even install a certificate on this as it has no web server or anything running on it.
0
Reply
Yasmeen Ali avatar
ng flag
Yasmeen Ali
i found the following which is a similar case, [here](https://serverfault.com/questions/857893/how-to-manage-https-for-cnames-of-different-domains-on-my-domain-different-one). So from what i understand, my 3rd party would have to accommodate for my certificate and i would have to provide them with one
1
Reply
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
As I said, ask operators of your "third party".
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.