On 4/12/08, Sir June <[EMAIL PROTECTED]> wrote: > > Our off-shore security consultant sent me an email about a security issue on > our webserver. > > "The subject's common name (CN) field in the x.509 certificate should be > fixed to reflect the name of the entity presenting the certificate (e.g. the > hostname). This is done by generating a new certificate. ISSUE: X.509 > certificate does not match the entity name. " > > i ran: # openssl x509 -noout -text -in server.crt > > .... > Subject: serialnurmber=<series of numbers here> > O=MIS Division, C=PH, ST,=Manila,OU=MIS Unit,CN=www.ourdomain.com > .... > > my server's hostname are: linux1.ourdomain.com, linux2.ourdomain.com, > linux3.ourdomain.com and they are in a load-balancer's rotation for > http://www.ourdomain.com > > i don't know much about x.509 and i want to understand a little more. > Verisign is the CA on my certificate. > > Does the CN value needs to match the server's hostname? How do i fix this?
CN=*.ourdomain.com fooler. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
