HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Thawte SSL Cert - Apache shows waring CN does not match server name (http://www.howtoforge.com/forums/showthread.php?t=60607)

DantePasquale 18th February 2013 22:01
Thawte SSL Cert - Apache shows waring CN does not match server name
 
Hi All,

I recently requested a thawte SSL cert for one of my customers. i have downloaded the crt and installed via the ISPConfig 3 CP. I have also included their 'bundle' crt.

Things are basically working but I see in the Apache error log:

Code:
[Mon Feb 18 13:59:53 2013] [warn] RSA server certificate CommonName (CN) `www.sfpi.com' does NOT match server name!?
If I dump the crt via openssl I see:

Code:
root@webserver2:/var/www/sfpi.com/ssl# openssl x509 -in www.sfpi.com.crt -noout -subject
subject= /1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Ohio/businessCategory=Private Organization/O=Self Funded Plans, Inc./serialNumber=559576/C=US/ST=Ohio/L=Cleveland/CN=www.sfpi.com
In the /etc/apache2/sites-available I see:

Code:
    ServerName sfpi.com
    ServerAlias www.sfpi.com
So, from the screen where I requested the SSL for this site I entered:

Organizational Unit: www.sfpi.com
SSL Domain: www.sfpi.com

Should I have set the OU to 'sfpi.com' instead of 'www.sfpi.com'?
But when I did that and requested from thawte, the cert came back w/o the 'www' :) So I'm confused :(

Thanks,
Danté

falko 19th February 2013 19:55
You should ask Thawte if the certificate is valid for www.sfpi.com and sfpi.com. Usually that is the case (at least with the CAs I use to work with) - maybe Thawte has a different policy?


All times are GMT +2. The time now is 07:39.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.