Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 18th February 2013, 22:01
DantePasquale DantePasquale is offline
Senior Member
 
Join Date: Feb 2007
Location: Lakewood, OH US
Posts: 108
Thanks: 10
Thanked 3 Times in 3 Posts
Send a message via AIM to DantePasquale
Default Thawte SSL Cert - Apache shows waring CN does not match server name

Hi All,

I recently requested a thawte SSL cert for one of my customers. i have downloaded the crt and installed via the ISPConfig 3 CP. I have also included their 'bundle' crt.

Things are basically working but I see in the Apache error log:

Code:
[Mon Feb 18 13:59:53 2013] [warn] RSA server certificate CommonName (CN) `www.sfpi.com' does NOT match server name!?
If I dump the crt via openssl I see:

Code:
root@webserver2:/var/www/sfpi.com/ssl# openssl x509 -in www.sfpi.com.crt -noout -subject
subject= /1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Ohio/businessCategory=Private Organization/O=Self Funded Plans, Inc./serialNumber=559576/C=US/ST=Ohio/L=Cleveland/CN=www.sfpi.com
In the /etc/apache2/sites-available I see:

Code:
    ServerName sfpi.com
    ServerAlias www.sfpi.com
So, from the screen where I requested the SSL for this site I entered:

Organizational Unit: www.sfpi.com
SSL Domain: www.sfpi.com

Should I have set the OU to 'sfpi.com' instead of 'www.sfpi.com'?
But when I did that and requested from thawte, the cert came back w/o the 'www' So I'm confused

Thanks,
Danté
Reply With Quote
Sponsored Links
  #2  
Old 19th February 2013, 19:55
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
 
Default

You should ask Thawte if the certificate is valid for www.sfpi.com and sfpi.com. Usually that is the case (at least with the CAs I use to work with) - maybe Thawte has a different policy?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Tags
ispconfig 3, ssl apache2, ssl bundle, ssl certificates

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
500 internal error after upgrade abintipl Installation/Configuration 9 18th July 2012 12:51
Local mail server - final touch Alexhor Installation/Configuration 4 12th April 2012 22:33
ISPConfig 3 Installation - Postfix queue stuck andrew971218 Installation/Configuration 21 15th July 2011 14:42
Not working emails (DNS and postfix problem?) shekiman Installation/Configuration 9 1st March 2011 16:25
SSL don't work please help me walner8080 Installation/Configuration 8 26th September 2010 12:07


All times are GMT +2. The time now is 21:02.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.