?
Solved

Install SSL certicate that has a different hostname than server?

Posted on 2007-11-20
14
Medium Priority
?
2,528 Views
Last Modified: 2013-12-11
I have a customer that has an IBM Websphere server that he wants to enable SSL on.  The certificate that was ordered has a different name that the server name.  The customer cannot rename the server or order another certificate.  Is there a way to get this certificate installed without rebuilding the server or renaming it?
0
Comment
Question by:bdcwork
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
14 Comments
 
LVL 2

Expert Comment

by:gmilhon
ID: 20322422
As part of cert verification browsers require the cert's CN to match the hostname. All you need to do is setup a DNS record to point to your server with the CN that was created. Example: if your servers IP address is 1.2.3.4 and the CN on the cert is server.domain.com, then setup a DNS record for server.domain.com to point to 1.2.3.4. IBM WAS doesn't care what the cert it, it will just present it back to the client. And the client ensures that the hostname entered for the URL matches the CN in the cert. If they don't match, the user will be prompted with a warning.
0
 
LVL 29

Accepted Solution

by:
Michael Worsham earned 1000 total points
ID: 20322470
A registered SSL cert is certified by the vendor and is appointed to that server/domain name. If you were able to move the verified certificate to another server with a different name, then that would open up loop holes for running illegal sites with real certificates.
0
 

Author Comment

by:bdcwork
ID: 20322571
What if websphere won't accept the certificate into the keystore because the hostname is different?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:gmilhon
ID: 20322605
Websphere doesn't care about the hostname, you can just import the cert into your JKS (Java Key Store) using ikeyman, IBM's key manager. Then configure the WAS server to use that. You will also need to make sure you setup the virtual hosts to accept requests for your DNS name in the CN.
0
 

Author Comment

by:bdcwork
ID: 20322677
Do you have a code snippet or reference on how to have websphere use that keystore?  I still cannot import the cert because the host specified is different...
0
 
LVL 2

Expert Comment

by:gmilhon
ID: 20323197
How are you trying to put the cert in the keystore? Are you using ikeyman? Please post the specific errors you are getting and how you are doing it.
0
 

Author Comment

by:bdcwork
ID: 20323853
The error I get is:

CWPKI0662E: Certificate with a public key matching the public key in the certificate from the Certificate Authority is not found in key store "WCServerKeyStore".
0
 
LVL 2

Assisted Solution

by:gmilhon
gmilhon earned 1000 total points
ID: 20329535
This isn't a problem with the hostname or CN. You need to import the root CA intermediate cert into your keystore if it isn't there already. The keystore needs to include the cert that your cert was signed with, this is called the root CA cert. You can d/l all the root CAs here: http://www.verisign.com/support/roots.html. From that ZIP, install all the certs you need that your cert was signed with.

If you need help in knowing which one to install in your keystore, you will need to post the cert chain for your cert. Or just post the public cert here.
0
 

Author Comment

by:bdcwork
ID: 20330445
I will try that out after the holiday...thanks....
0
 
LVL 2

Expert Comment

by:gmilhon
ID: 20405093
Please let me know if you have any questions or can close this question out.
0
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 20718756
Is this issue resolved or still needs to be addressed?
http://www.experts-exchange.com/help.jsp#hi331
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses
Course of the Month14 days, 12 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question