Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
Hello Owen and Toftum,
thanks for your mail.
Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 7.1).I have created a SSL server certificate using a self-made CA, and am sure thatthe Common Name in the Server Certificate und ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is identical with the host address.
Really? Are you sure you have the line: ServerName yin.fokus.gmd.dein the SSL VH config?
Do you mean that I should configure VirtualHost in the http.conf file? But
I think the Virtual Host is used for the case
of more than one web site running on a single machine. Is this correct? On
my Laptop there is only one web site "yin.fokus.gmd.de".
I now have tried toconfigure VirtualHost and it is the same error.
If so, are you sure the certificate's common name is yin.fokus.gmd.de?Don't just say "Yes", check it with: openssl x509 -subject -in /path/to/certthen see what "CN=" is set to.
I have checked it and They are the same ("CN=" is set to "yin.fokus.gmd.de).
I now start apache with "apachect1 startssl"and get the following messagein error_log file, but no errors in the console[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret for digest authentication ...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured-- resuming normal operations---if I try and access the secure site (https://yin.fokus.gmd.de) I get the following error message in browser(but I can start the normal site http://yin.fokus.gmd.de):--The server's certificate has an invalid signature. You will not be able to connect to this site securely.--
Your domain name is not in public DNS so I suppose you do this locally.
You are right. I try this on my laptop for our future projekt. Shoud I use
the IP address and not host name in the server certificate?
but it is changed frequently.
Best Regards,
Aihong Yin.
RE: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
PLease post in plain text - my mail client doesn't handle HTML mail... The thing you type into the browser's Location window has to match what's in the cert. Does it? If you are doing all this on a standalone laptop, I doubt it. -Original Message- From: Aihong Yin [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 29. Januar 2003 12:07 To: [EMAIL PROTECTED] Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!? Hello Owen and Toftum, thanks for your mail. Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 7.1).I have created a SSL server certificate using a self-made CA, and am sure thatthe Common Name in the Server Certificate und ServerName in http.conf file arethe same yin.fokus.gmd.de, which is identical with the host address. Really? Are you sure you have the line: ServerName yin.fokus.gmd.dein the SSL VH config? Do you mean that I should configure VirtualHost in the http.conf file? But I think the Virtual Host is used for the case of more than one web site running on a single machine. Is this correct? On my Laptop there is only one web site yin.fokus.gmd.de. I now have tried to configure VirtualHost and it is the same error. If so, are you sure the certificate's common name is yin.fokus.gmd.de?Don't just say Yes, check it with: openssl x509 -subject -in /path/to/certthen see what CN= is set to. I have checked it and They are the same (CN= is set to yin.fokus.gmd.de). I now start apache with apachect1 startssland get the following messagein error_log file, but no errors in the console[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret for digest authentication ...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured-- resuming normal operations---if I try and access the secure site (https://yin.fokus.gmd.de) I get the following error message in browser(but I can start the normal site http://yin.fokus.gmd.de):--The server's certificate has an invalid signature. You will not be able to connect to this site securely.-- Your domain name is not in public DNS so I suppose you do this locally. You are right. I try this on my laptop for our future projekt. Shoud I use the IP address and not host name in the server certificate? but it is changed frequently. Best Regards, Aihong Yin. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
Boyle Owen wrote: PLease post in plain text - my mail client doesn't handle HTML mail... The thing you type into the browser's Location window has to match what's in the cert. Does it? Yes, it does. but this error [warn] RSA server certificate CommonName (CN) does NOT match server name!? is given during the HTTPS server start. and the next step is to start the browser. If you are doing all this on a standalone laptop, I doubt it. Could you tell me the reason? what do you mean standalone? The laptop get it's IP address during reboot using DHCP. Is this correct? Best Regards, Aihong Yin. -Original Message- From: Aihong Yin [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 29. Januar 2003 12:07 To: [EMAIL PROTECTED] Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!? Hello Owen and Toftum, thanks for your mail. Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 7.1).I have created a SSL server certificate using a self-made CA, and am sure thatthe Common Name in the Server Certificate und ServerName in http.conf file arethe same yin.fokus.gmd.de, which is identical with the host address. Really? Are you sure you have the line: ServerName yin.fokus.gmd.dein the SSL VH config? Do you mean that I should configure VirtualHost in the http.conf file? But I think the Virtual Host is used for the case of more than one web site running on a single machine. Is this correct? On my Laptop there is only one web site yin.fokus.gmd.de. I now have tried to configure VirtualHost and it is the same error. If so, are you sure the certificate's common name is yin.fokus.gmd.de?Don't just say Yes, check it with: openssl x509 -subject -in /path/to/certthen see what CN= is set to. I have checked it and They are the same (CN= is set to yin.fokus.gmd.de). I now start apache with apachect1 startssland get the following messagein error_log file, but no errors in the console[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret for digest authentication ...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured-- resuming normal operations---if I try and access the secure site (https://yin.fokus.gmd.de) I get the following error message in browser(but I can start the normal site http://yin.fokus.gmd.de):--The server's certificate has an invalid signature. You will not be able to connect to this site securely.-- Your domain name is not in public DNS so I suppose you do this locally. You are right. I try this on my laptop for our future projekt. Shoud I use the IP address and not host name in the server certificate? but it is changed frequently. Best Regards, Aihong Yin. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!?
-Original Message- From: Aihong Yin [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 29. Januar 2003 12:47 To: [EMAIL PROTECTED] Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!? Boyle Owen wrote: PLease post in plain text - my mail client doesn't handle HTML mail... The thing you type into the browser's Location window has to match what's in the cert. Does it? Yes, it does. but this error [warn] RSA server certificate CommonName (CN) does NOT match server name!? is given during the HTTPS server start. and the next step is to start the browser. In your httpd.conf you must have a ServerName directive - what is it set to? It must be the same as the common name in the cert. If you are doing all this on a standalone laptop, I doubt it. Could you tell me the reason? what do you mean standalone? The laptop get it's IP address during reboot using DHCP. So how do you access the web site? You must type something into the browser - unless you type yin.fokus.gmd.de, you will get a warning. But how can you type this in? - you would need a local DNS set up to resolve this domain. Do you have this? Is this correct? Best Regards, Aihong Yin. -Original Message- From: Aihong Yin [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 29. Januar 2003 12:07 To: [EMAIL PROTECTED] Subject: Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de' does NOT match server name!? Hello Owen and Toftum, thanks for your mail. Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat 7.1).I have created a SSL server certificate using a self-made CA, and am sure thatthe Common Name in the Server Certificate und ServerName in http.conf file arethe same yin.fokus.gmd.de, which is identical with the host address. Really? Are you sure you have the line: ServerName yin.fokus.gmd.dein the SSL VH config? Do you mean that I should configure VirtualHost in the http.conf file? But I think the Virtual Host is used for the case of more than one web site running on a single machine. Is this correct? On my Laptop there is only one web site yin.fokus.gmd.de. I now have tried to configure VirtualHost and it is the same error. If so, are you sure the certificate's common name is yin.fokus.gmd.de?Don't just say Yes, check it with: openssl x509 -subject -in /path/to/certthen see what CN= is set to. I have checked it and They are the same (CN= is set to yin.fokus.gmd.de). I now start apache with apachect1 startssland get the following messagein error_log file, but no errors in the console[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret for digest authentication ...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured-- resuming normal operations---if I try and access the secure site (https://yin.fokus.gmd.de) I get the following error message in browser(but I can start the normal site http://yin.fokus.gmd.de):--The server's certificate has an invalid signature. You will not be able to connect to this site securely.-- Your domain name is not in public DNS so I suppose you do this locally. You are right. I try this on my laptop for our future projekt. Shoud I use the IP address and not host name in the server certificate? but it is changed frequently. Best Regards, Aihong Yin. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support
