RE: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de" does NOT match server name!?

RE: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de" does NOT match server name!?

am 29.01.2003 12:17:17 von Boyle Owen

PLease post in plain text - my mail client doesn't handle HTML mail...

The thing you type into the browser's Location window has to match
what's in the cert. Does it? If you are doing all this on a standalone
laptop, I doubt it.


-----Original Message-----
From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
Sent: Mittwoch, 29. Januar 2003 12:07
To: modssl-users@modssl.org
Subject: Re: [warn] RSA server certificate CommonName (CN)
`yin.fokus.gmd.de' does NOT match server name!?


Hello Owen and Toftum,

thanks for your mail.


Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g
on RedHat 7.1).I have created a SSL server certificate using a self-made
CA, and am sure thatthe Common Name in the Server Certificate und
ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is
identical with the host address.
Really? Are you sure you have the line: ServerName yin.fokus.gmd.dein
the SSL VH config?
Do you mean that I should configure VirtualHost in the http.conf file?
But I think the Virtual Host is used for the case
of more than one web site running on a single machine. Is this correct?
On my Laptop there is only one web site "yin.fokus.gmd.de".
I now have tried to configure VirtualHost and it is the same error.


If so, are you sure the certificate's common name is
yin.fokus.gmd.de?Don't just say "Yes", check it with: openssl x509
-subject -in /path/to/certthen see what "CN=" is set to.

I have checked it and They are the same ("CN=" is set to
"yin.fokus.gmd.de).



I now start apache with "apachect1 startssl"and get the following
messagein error_log file, but no errors in the console---->[Wed Jan 29
08:34:02 2003] [warn] RSA server certificate CommonName
(CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03
2003] [notice] Digest: generating secret for digest authentication
....[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04
2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de'
does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice]
Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured--
resuming normal operations<---if I try and access the secure site
(https://yin.fokus.gmd.de) I get the following error message in
browser(but I can start the normal site
http://yin.fokus.gmd.de):------>The server's certificate has an invalid
signature. You will not be able to connect to this site securely.<------
Your domain name is not in public DNS so I suppose you do this locally.
You are right. I try this on my laptop for our future projekt. Shoud I
use the IP address and not host name in the server certificate?
but it is changed frequently.

Best Regards,

Aihong Yin.

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de" does NOT match server name!?

am 29.01.2003 12:47:21 von Aihong Yin

Boyle Owen wrote:

>PLease post in plain text - my mail client doesn't handle HTML mail...
>
>The thing you type into the browser's Location window has to match
>what's in the cert. Does it?
>
Yes, it does. but this error "[warn] RSA server certificate CommonName (CN)
does NOT match server name!?" is given during the HTTPS server start.
and the next step is to start the browser.

>If you are doing all this on a standalone
>laptop, I doubt it.
>
Could you tell me the reason? what do you mean "standalone"? The laptop get
it's IP address during reboot using DHCP. Is this correct?

Best Regards,
Aihong Yin.

>-----Original Message-----
>From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>Sent: Mittwoch, 29. Januar 2003 12:07
>To: modssl-users@modssl.org
>Subject: Re: [warn] RSA server certificate CommonName (CN)
>`yin.fokus.gmd.de' does NOT match server name!?
>
>
>Hello Owen and Toftum,
>
>thanks for your mail.
>
>
>Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g
>on RedHat 7.1).I have created a SSL server certificate using a self-made
>CA, and am sure thatthe Common Name in the Server Certificate und
>ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is
>identical with the host address.
>Really? Are you sure you have the line: ServerName yin.fokus.gmd.dein
>the SSL VH config?
>Do you mean that I should configure VirtualHost in the http.conf file?
>But I think the Virtual Host is used for the case
>of more than one web site running on a single machine. Is this correct?
>On my Laptop there is only one web site "yin.fokus.gmd.de".
>I now have tried to configure VirtualHost and it is the same error.
>
>
>If so, are you sure the certificate's common name is
>yin.fokus.gmd.de?Don't just say "Yes", check it with: openssl x509
>-subject -in /path/to/certthen see what "CN=" is set to.
>
>I have checked it and They are the same ("CN=" is set to
>"yin.fokus.gmd.de).
>
>
>
>I now start apache with "apachect1 startssl"and get the following
>messagein error_log file, but no errors in the console---->[Wed Jan 29
>08:34:02 2003] [warn] RSA server certificate CommonName
>(CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan 29 08:34:03
>2003] [notice] Digest: generating secret for digest authentication
>...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan 29 08:34:04
>2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de'
>does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice]
>Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured--
>resuming normal operations<---if I try and access the secure site
>(https://yin.fokus.gmd.de) I get the following error message in
>browser(but I can start the normal site
>http://yin.fokus.gmd.de):------>The server's certificate has an invalid
>signature. You will not be able to connect to this site securely.<------
>Your domain name is not in public DNS so I suppose you do this locally.
>You are right. I try this on my laptop for our future projekt. Shoud I
>use the IP address and not host name in the server certificate?
>but it is changed frequently.
>
>Best Regards,
>
>Aihong Yin.
>
>This message is for the named person's use only. It may contain
>confidential, proprietary or legally privileged information. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this message in error, please notify the sender urgently
>and then immediately delete the message and any copies of it from your
>system. Please also immediately destroy any hardcopies of the message.
>You must not, directly or indirectly, use, disclose, distribute, print,
>or copy any part of this message if you are not the intended recipient.
>The sender's company reserves the right to monitor all e-mail
>communications through their networks. Any views expressed in this
>message are those of the individual sender, except where the message
>states otherwise and the sender is authorised to state them to be the
>views of the sender's company.
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>

--








____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org