Thawte SSL Cert - Apache shows waring CN does not match server name

Discussion in 'HOWTO-Related Questions' started by DantePasquale, Feb 18, 2013.

  1. DantePasquale

    DantePasquale Member HowtoForge Supporter

    Hi All,

    I recently requested a thawte SSL cert for one of my customers. i have downloaded the crt and installed via the ISPConfig 3 CP. I have also included their 'bundle' crt.

    Things are basically working but I see in the Apache error log:

    Code:
    [Mon Feb 18 13:59:53 2013] [warn] RSA server certificate CommonName (CN) `www.sfpi.com' does NOT match server name!?
    
    If I dump the crt via openssl I see:

    Code:
    root@webserver2:/var/www/sfpi.com/ssl# openssl x509 -in www.sfpi.com.crt -noout -subject
    subject= /1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Ohio/businessCategory=Private Organization/O=Self Funded Plans, Inc./serialNumber=559576/C=US/ST=Ohio/L=Cleveland/CN=www.sfpi.com
    
    In the /etc/apache2/sites-available I see:

    Code:
        ServerName sfpi.com
        ServerAlias www.sfpi.com
    
    So, from the screen where I requested the SSL for this site I entered:

    Organizational Unit: www.sfpi.com
    SSL Domain: www.sfpi.com

    Should I have set the OU to 'sfpi.com' instead of 'www.sfpi.com'?
    But when I did that and requested from thawte, the cert came back w/o the 'www' :) So I'm confused :(

    Thanks,
    Danté
     
  2. falko

    falko Super Moderator ISPConfig Developer

    You should ask Thawte if the certificate is valid for www.sfpi.com and sfpi.com. Usually that is the case (at least with the CAs I use to work with) - maybe Thawte has a different policy?
     

Share This Page