I recently requested a thawte SSL cert for one of my customers. i have downloaded the crt and installed via the ISPConfig 3 CP. I have also included their 'bundle' crt.
Things are basically working but I see in the Apache error log:
[Mon Feb 18 13:59:53 2013] [warn] RSA server certificate CommonName (CN) `www.sfpi.com' does NOT match server name!?
If I dump the crt via openssl I see:
root@webserver2:/var/www/sfpi.com/ssl# openssl x509 -in www.sfpi.com.crt -noout -subject
subject= /126.96.36.199.4.1.3188.8.131.52.3=US/184.108.40.206.4.1.3220.127.116.11.2=Ohio/businessCategory=Private Organization/O=Self Funded Plans, Inc./serialNumber=559576/C=US/ST=Ohio/L=Cleveland/CN=www.sfpi.com
In the /etc/apache2/sites-available I see:
So, from the screen where I requested the SSL for this site I entered:
Organizational Unit: www.sfpi.com
SSL Domain: www.sfpi.com
Should I have set the OU to 'sfpi.com' instead of 'www.sfpi.com'?
But when I did that and requested from thawte, the cert came back w/o the 'www'
So I'm confused