Our off-shore security consultant sent me an email about a security issue on 
our webserver.

"The subject's common name (CN) field in the X.509 certificate should be fixed 
to reflect the name of the entity presenting the certificate (e.g. the 
hostname). This is done by generating a new certificate. ISSUE: X.509 
certificate does not match the entity name."

I ran:  # openssl x509 -noout -text -in server.crt

....
Subject: serialnurmber=<series of numbers here>
O=MIS Division, C=PH, ST,=Manila,OU=MIS Unit,CN=www.ourdomain.com
....

My servers' hostnames are: linux1.ourdomain.com, linux2.ourdomain.com, 
linux3.ourdomain.com, and they are in a load-balancer's rotation for 
http://www.ourdomain.com

I don't know much about X.509 and I want to understand a little more. Verisign 
is the CA on my certificate.

Does the CN value need to match the server's hostname? How do I fix this?


Thanks,
sirjune

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph