>-----Original Message----- >From: Aihong Yin [mailto:[EMAIL PROTECTED]] >Sent: Mittwoch, 29. Januar 2003 12:47 >To: [EMAIL PROTECTED] >Subject: Re: [warn] RSA server certificate CommonName (CN) >`yin.fokus.gmd.de' does NOT match server name!? > > > >Boyle Owen wrote: > >>PLease post in plain text - my mail client doesn't handle HTML mail... >> >>The thing you type into the browser's Location window has to match >>what's in the cert. Does it? >> >Yes, it does. but this error "[warn] RSA server certificate >CommonName (CN) >does NOT match server name!?" is given during the HTTPS server start. >and the next step is to start the browser.
In your httpd.conf you must have a ServerName directive - what is it set to? It must be the same as the common name in the cert. > >>If you are doing all this on a standalone >>laptop, I doubt it. >> >Could you tell me the reason? what do you mean "standalone"? >The laptop get >it's IP address during reboot using DHCP. So how do you access the web site? You must type something into the browser - unless you type yin.fokus.gmd.de, you will get a warning. But how can you type this in? - you would need a local DNS set up to resolve this domain. Do you have this? > Is this correct? > >Best Regards, >Aihong Yin. > >>-----Original Message----- >>From: Aihong Yin [mailto:[EMAIL PROTECTED]] >>Sent: Mittwoch, 29. Januar 2003 12:07 >>To: [EMAIL PROTECTED] >>Subject: Re: [warn] RSA server certificate CommonName (CN) >>`yin.fokus.gmd.de' does NOT match server name!? >> >> >>Hello Owen and Toftum, >> >>thanks for your mail. >> >> >>Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g >>on RedHat 7.1).I have created a SSL server certificate using >a self-made >>CA, and am sure thatthe Common Name in the Server Certificate und >>ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is >>identical with the host address. >>Really? Are you sure you have the line: ServerName >yin.fokus.gmd.dein >>the SSL VH config? >>Do you mean that I should configure VirtualHost in the http.conf file? >>But I think the Virtual Host is used for the case >>of more than one web site running on a single machine. Is >this correct? >>On my Laptop there is only one web site "yin.fokus.gmd.de". >>I now have tried to configure VirtualHost and it is the same error. >> >> >>If so, are you sure the certificate's common name is >>yin.fokus.gmd.de?Don't just say "Yes", check it with: openssl x509 >>-subject -in /path/to/certthen see what "CN=" is set to. >> >>I have checked it and They are the same ("CN=" is set to >>"yin.fokus.gmd.de). >> >> >> >>I now start apache with "apachect1 startssl"and get the following >>messagein error_log file, but no errors in the console---->[Wed Jan 29 >>08:34:02 2003] [warn] RSA server certificate CommonName >>(CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan >29 08:34:03 >>2003] [notice] Digest: generating secret for digest authentication >>...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan >29 08:34:04 >>2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' >>does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice] >>Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured-- >>resuming normal operations<---if I try and access the secure site >>(https://yin.fokus.gmd.de) I get the following error message in >>browser(but I can start the normal site >>http://yin.fokus.gmd.de):------>The server's certificate has >an invalid >>signature. You will not be able to connect to this site >securely.<------ >>Your domain name is not in public DNS so I suppose you do >this locally. >>You are right. I try this on my laptop for our future projekt. Shoud I >>use the IP address and not host name in the server certificate? >>but it is changed frequently. >> >>Best Regards, >> >>Aihong Yin. >> >>This message is for the named person's use only. It may contain >>confidential, proprietary or legally privileged information. No >>confidentiality or privilege is waived or lost by any mistransmission. >>If you receive this message in error, please notify the >sender urgently >>and then immediately delete the message and any copies of it from your >>system. Please also immediately destroy any hardcopies of the message. >>You must not, directly or indirectly, use, disclose, >distribute, print, >>or copy any part of this message if you are not the intended >recipient. >>The sender's company reserves the right to monitor all e-mail >>communications through their networks. Any views expressed in this >>message are those of the individual sender, except where the message >>states otherwise and the sender is authorised to state them to be the >>views of the sender's company. >>______________________________________________________________________ >>Apache Interface to OpenSSL (mod_ssl) www.modssl.org >>User Support Mailing List [EMAIL PROTECTED] >>Automated List Manager [EMAIL PROTECTED] >> > >-- > > > > > > > > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]