Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions
Reload this Page Thawte SSL Cert - Apache shows waring CN does not match server name
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 18th February 2013, 22:01
DantePasquale DantePasquale is offline
Member
  
Join Date: Feb 2007
Location: Lakewood, OH US
Posts: 97
Thanks: 10
Thanked 3 Times in 3 Posts
Send a message via AIM to DantePasquale
Default Thawte SSL Cert - Apache shows waring CN does not match server name
Hi All,

I recently requested a thawte SSL cert for one of my customers. i have downloaded the crt and installed via the ISPConfig 3 CP. I have also included their 'bundle' crt.

Things are basically working but I see in the Apache error log:

Code:
[Mon Feb 18 13:59:53 2013] [warn] RSA server certificate CommonName (CN) `www.sfpi.com' does NOT match server name!?
If I dump the crt via openssl I see:

Code:
root@webserver2:/var/www/sfpi.com/ssl# openssl x509 -in www.sfpi.com.crt -noout -subject
subject= /1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Ohio/businessCategory=Private Organization/O=Self Funded Plans, Inc./serialNumber=559576/C=US/ST=Ohio/L=Cleveland/CN=www.sfpi.com
In the /etc/apache2/sites-available I see:

Code:
    ServerName sfpi.com
    ServerAlias www.sfpi.com
So, from the screen where I requested the SSL for this site I entered:

Organizational Unit: www.sfpi.com
SSL Domain: www.sfpi.com

Should I have set the OU to 'sfpi.com' instead of 'www.sfpi.com'?
But when I did that and requested from thawte, the cert came back w/o the 'www' So I'm confused

Thanks,
Danté
Reply With Quote
Sponsored Links
  #2  
Old 19th February 2013, 19:55
falko falko is online now
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,599 Times in 2,448 Posts
 
Default
You should ask Thawte if the certificate is valid for www.sfpi.com and sfpi.com. Usually that is the case (at least with the CAs I use to work with) - maybe Thawte has a different policy?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Tags
ispconfig 3, ssl apache2, ssl bundle, ssl certificates

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
500 internal error after upgrade abintipl Installation/Configuration 9 18th July 2012 12:51
Local mail server - final touch Alexhor Installation/Configuration 4 12th April 2012 22:33
ISPConfig 3 Installation - Postfix queue stuck andrew971218 Installation/Configuration 21 15th July 2011 14:42
Not working emails (DNS and postfix problem?) shekiman Installation/Configuration 9 1st March 2011 16:25
SSL don't work please help me walner8080 Installation/Configuration 8 26th September 2010 12:07


All times are GMT +2. The time now is 17:08.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.