Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?

Wed, 29 Jan 2003 03:07:06 -0800

Hello Owen and Toftum,

thanks for your mail.

Hello all,

I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 
7.1).

I have created a SSL server certificate using a self-made CA, and am 
sure that
the Common Name in the Server Certificate und ServerName in http.conf 
file are
the same "yin.fokus.gmd.de", which is identical with the host address.

Really? Are you sure you have the line:

	ServerName yin.fokus.gmd.de

in the SSL VH config?
Do you mean that I should configure VirtualHost in the http.conf file? But I think the Virtual Host is used for the case
of more than one web site running on a single machine. Is this correct? On my Laptop there is only one web site "yin.fokus.gmd.de".
I now have tried to configure VirtualHost and it is the same error.

If so, are you sure the certificate's common name is yin.fokus.gmd.de?
Don't just say "Yes", check it with:

	openssl x509 -subject -in /path/to/cert

then see what "CN=" is set to.

I have checked it and They are the same ("CN=" is set to "yin.fokus.gmd.de).



I now start apache with "apachect1 startssl"and get the 
following message
in error_log file, but no errors in the console
---->
[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate 
CommonName (CN)
`yin.fokus.gmd.de' does NOT match server name!?
[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret 
for digest 
authentication ...
[Wed Jan 29 08:34:03 2003] [notice] Digest: done
[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate 
CommonName (CN)
`yin.fokus.gmd.de' does NOT match server name!?
[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) 
mod_ssl/2.0.43 
OpenSSL/0.9.6g DAV/2 configured
-- resuming normal operations
<---

if I try and access the secure site (https://yin.fokus.gmd.de) 
I get the 
following error message in browser
(but I can start the normal site http://yin.fokus.gmd.de):
------>
The server's certificate has an invalid signature. You will 
not be able 
to connect to this site securely.
<------

Your domain name is not in public DNS so I suppose you do this locally.
You are right. I try this on my laptop for our future projekt. Shoud I use the IP address and not host name in the server certificate?
but it is changed frequently.

Best Regards,

Aihong Yin.




 


            

            
            





















					Reply via email to