RE: [warn] RSA server certificate CommonName (CN) `yin.fokus.gmd.de" does NOT match server name!?
am 29.01.2003 14:17:07 von Boyle Owen>-----Original Message-----
>From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>Sent: Mittwoch, 29. Januar 2003 12:47
>To: modssl-users@modssl.org
>Subject: Re: [warn] RSA server certificate CommonName (CN)
>`yin.fokus.gmd.de' does NOT match server name!?
>
>
>
>Boyle Owen wrote:
>
>>PLease post in plain text - my mail client doesn't handle HTML mail...
>>
>>The thing you type into the browser's Location window has to match
>>what's in the cert. Does it?=20
>>
>Yes, it does. but this error "[warn] RSA server certificate=20
>CommonName (CN)
>does NOT match server name!?" is given during the HTTPS server start.=20
>and the next step is to start the browser.
In your httpd.conf you must have a ServerName directive - what is it set =
to? It must be the same as the common name in the cert.
>
>>If you are doing all this on a standalone
>>laptop, I doubt it.
>>
>Could you tell me the reason? what do you mean "standalone"?=20
>The laptop get
>it's IP address during reboot using DHCP.
So how do you access the web site? You must type something into the =
browser - unless you type yin.fokus.gmd.de, you will get a warning. But =
how can you type this in? - you would need a local DNS set up to =
resolve this domain. Do you have this?
> Is this correct?
>
>Best Regards,
>Aihong Yin.
>
>>-----Original Message-----
>>From: Aihong Yin [mailto:yin@fokus.fraunhofer.de]
>>Sent: Mittwoch, 29. Januar 2003 12:07
>>To: modssl-users@modssl.org
>>Subject: Re: [warn] RSA server certificate CommonName (CN)
>>`yin.fokus.gmd.de' does NOT match server name!?
>>
>>
>>Hello Owen and Toftum,
>>
>>thanks for your mail.
>>
>>
>>Hello all,I am trying to setup my server (apache 2.0.43, opensl 0.9.6g
>>on RedHat 7.1).I have created a SSL server certificate using=20
>a self-made
>>CA, and am sure thatthe Common Name in the Server Certificate und
>>ServerName in http.conf file arethe same "yin.fokus.gmd.de", which is
>>identical with the host address.
>>Really? Are you sure you have the line: ServerName=20
>yin.fokus.gmd.dein
>>the SSL VH config?
>>Do you mean that I should configure VirtualHost in the http.conf file?
>>But I think the Virtual Host is used for the case
>>of more than one web site running on a single machine. Is=20
>this correct?
>>On my Laptop there is only one web site "yin.fokus.gmd.de".
>>I now have tried to configure VirtualHost and it is the same error.
>>
>>
>>If so, are you sure the certificate's common name is
>>yin.fokus.gmd.de?Don't just say "Yes", check it with: openssl x509
>>-subject -in /path/to/certthen see what "CN=3D" is set to.
>>
>>I have checked it and They are the same ("CN=3D" is set to
>>"yin.fokus.gmd.de).
>>
>>
>>
>>I now start apache with "apachect1 startssl"and get the following
>>messagein error_log file, but no errors in the console---->[Wed Jan 29
>>08:34:02 2003] [warn] RSA server certificate CommonName
>>(CN)`yin.fokus.gmd.de' does NOT match server name!?[Wed Jan=20
>29 08:34:03
>>2003] [notice] Digest: generating secret for digest authentication
>>...[Wed Jan 29 08:34:03 2003] [notice] Digest: done[Wed Jan=20
>29 08:34:04
>>2003] [warn] RSA server certificate CommonName (CN)`yin.fokus.gmd.de'
>>does NOT match server name!?[Wed Jan 29 08:34:05 2003] [notice]
>>Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6g DAV/2 configured--
>>resuming normal operations<---if I try and access the secure site
>>(https://yin.fokus.gmd.de) I get the following error message in
>>browser(but I can start the normal site
>>http://yin.fokus.gmd.de):------>The server's certificate has=20
>an invalid
>>signature. You will not be able to connect to this site=20
>securely.<------
>>Your domain name is not in public DNS so I suppose you do=20
>this locally.
>>You are right. I try this on my laptop for our future projekt. Shoud I
>>use the IP address and not host name in the server certificate?
>>but it is changed frequently.=20
>>
>>Best Regards,
>>
>>Aihong Yin.
>>
>>This message is for the named person's use only. It may contain
>>confidential, proprietary or legally privileged information. No
>>confidentiality or privilege is waived or lost by any mistransmission.
>>If you receive this message in error, please notify the=20
>sender urgently
>>and then immediately delete the message and any copies of it from your
>>system. Please also immediately destroy any hardcopies of the message.
>>You must not, directly or indirectly, use, disclose,=20
>distribute, print,
>>or copy any part of this message if you are not the intended=20
>recipient.
>>The sender's company reserves the right to monitor all e-mail
>>communications through their networks. Any views expressed in this
>>message are those of the individual sender, except where the message
>>states otherwise and the sender is authorised to state them to be the
>>views of the sender's company.=20
>>__________________________________________________________ ____________
>>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>>User Support Mailing List modssl-users@modssl.org
>>Automated List Manager majordomo@modssl.org
>>
>
>--=20
>
>
>
>
>=20
>
>
>
>___________________________________________________________ ___________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List modssl-users@modssl.org
>Automated List Manager majordomo@modssl.org
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org