Error: RSA server certificate CN does NOT match server name

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Error: RSA server certificate CN does NOT match server name

Steven Stromer
Hi,

I generated a key and cert using the Makefile available in the standard
FC4 installation (Apache 2 w/mod_ssl and openSSL), as per RH9s manual at:

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-secureserver-generatingkey.html

(changing directories, as per FC4s release notes, which state, 'OpenSSL:
the /usr/share/ssl contents have  moved to /etc/pki/tls and  /etc/pki/CA')


The key and cert work fine (i.e. httpd restarts successfully), but I am
getting the following message in the ssl_error_log:

'[warn] RSA server certificate CommonName (CN) 'localhost.localdomain'
does NOT match server name!?'


If I check the CN on the cert, it is correctly set to 'www.myaddress.com'.

If I set the ServerName directive in the SSL VirtualHost in ssl.conf
(loaded by httpd.conf) to 'localhost.localdomain' from no default
setting, and restart httpd service, the error message is not generated,
meaning that the CN and server names are then matching.

Can anyone explain to me what is happening here? Is this error being
generated by the key, and not the cert? Does the key even contain any
reference to the server's name? If it's not the key generating the
error, (as I suspect) then why is the cert advertising its CN as
'localhost.localdomain', when it is clearly not stored as such, and the
server is clearly not advertising itself as 'localhost.localdomain'
until I tell it to do so through the SSL VirtualHost?

Thanks so much for any advice!

Steven Stromer


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]