RSA CommonName does NOT match server name

LionRock

Verified User
Joined
Mar 30, 2007
Messages
94
Any tip for this? I have latest Apache from CB 2.0 and FreeBSD 9.1

There is shared.domain, example.com etc. And if I try to change in /etc/httpd/conf/httpd.conf some setgins alway rewrite_conf put back example.com etc... And also Typo3 gives me this "No OpenSSL backend could be obtained for rsaauth." So something is wrong with certicifatec and domain names in configs. Any tip?

Thanks

[Mon Mar 04 14:10:33.009992 2013] [ssl:warn] [pid 29117:tid 34401711104] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 04 14:10:33.010000 2013] [ssl:warn] [pid 29117:tid 34401711104] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Mon Mar 04 14:10:33.010102 2013] [ssl:warn] [pid 29117:tid 34401711104] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 04 14:10:33.010109 2013] [ssl:warn] [pid 29117:tid 34401711104] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
[Mon Mar 04 14:10:33.010210 2013] [ssl:warn] [pid 29117:tid 34401711104] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 04 14:10:33.010218 2013] [ssl:warn] [pid 29117:tid 34401711104] AH01909: RSA certificate configured for shared.domain:443 does NOT include an ID which matches the server name
[Mon Mar 04 14:10:33.010319 2013] [ssl:warn] [pid 29117:tid 34401711104] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 04 14:10:33.010326 2013] [ssl:warn] [pid 29117:tid 34401711104] AH01909: RSA certificate configured for shared.domain:443 does NOT include an ID which matches the server name
[Mon Mar 04 14:10:33.010343 2013] [ssl:warn] [pid 29117:tid 34401711104] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Mon Mar 04 14:10:33.021956 2013] [auth_digest:notice] [pid 29119:tid 34401711104] AH01757: generating secret for digest authentication ...
[Mon Mar 04 14:10:34.026407 2013] [ssl:warn] [pid 29119:tid 34401711104] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 04 14:10:34.026414 2013] [ssl:warn] [pid 29119:tid 34401711104] AH01909: RSA certificate configured for www.example.com:443 does NOT include an ID which matches the server name
[Mon Mar 04 14:10:34.026513 2013] [ssl:warn] [pid 29119:tid 34401711104] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 04 14:10:34.026521 2013] [ssl:warn] [pid 29119:tid 34401711104] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
[Mon Mar 04 14:10:34.026620 2013] [ssl:warn] [pid 29119:tid 34401711104] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 04 14:10:34.026627 2013] [ssl:warn] [pid 29119:tid 34401711104] AH01909: RSA certificate configured for shared.domain:443 does NOT include an ID which matches the server name
[Mon Mar 04 14:10:34.026725 2013] [ssl:warn] [pid 29119:tid 34401711104] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 04 14:10:34.026733 2013] [ssl:warn] [pid 29119:tid 34401711104] AH01909: RSA certificate configured for shared.domain:443 does NOT include an ID which matches the server name
[Mon Mar 04 14:10:34.026748 2013] [ssl:warn] [pid 29119:tid 34401711104] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Mon Mar 04 14:10:34.026761 2013] [lbmethod_heartbeat:notice] [pid 29119:tid 34401711104] AH02282: No slotmem from mod_heartmonitor
[Mon Mar 04 14:10:34.027237 2013] [mpm_event:notice] [pid 29119:tid 34401711104] AH00489: Apache/2.4.4 (Unix) OpenSSL/1.0.1e configured -- resuming normal operations
[Mon Mar 04 14:10:34.027257 2013] [core:notice] [pid 29119:tid 34401711104] AH00094: Command line: '/usr/sbin/httpd -D SSL'
 

befree33

Verified User
Joined
Feb 5, 2013
Messages
28
I read this thread but I'm unsure if the solution is here.

I migrated my web hosting accounts from shared hosting to a Xen vps.

The error log on a website reads:

[Thu Mar 07 13:39:26 2013] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
[Thu Mar 07 13:39:28 2013] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?

I did have a certificate when I used Magento on my site but now I only use Wordpress so there's no certificate on it. Could someone help me remove this error code? Specifically, what change do I make or what command do I use to fix this problem?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,853
Location
GMT +7.00
Hello,

If the warnings do not affect browsing your sites, and/or you don't use SSL certs for your site, you might ignore them.

And if you completely don't use SSL, then you might need to disable SSL in hosting packages of every user and every single domain on your server. Note every virtual host on the server if SSL is not disabled has settings for connecting it via HTTPS and every time when a bot, or anybody visits your server via HTTPS you might see such warnings in logs. And even if you disable SSL for every domain on your server, you might still get the warning... to completely remove it from logs, you might need to block all incoming TCP 443, as there will always a chance that somebody would try to connect to https://123.123.123.123/ on your server, despite the fact you've got a valid cert for your server.

Or... without disabling SSL, you might change LogLevel to error level (I'm not sure that's good idea, but still won't do any harm)

http://httpd.apache.org/docs/2.2/mod/core.html#loglevel
 

explosive

Verified User
Joined
Dec 29, 2010
Messages
170
Location
PL/EU
Or... without disabling SSL, you might change LogLevel to error level (I'm not sure that's good idea, but still won't do any harm)[/URL]
No, isn't. With Loglevel you disable any other important messages (for ex. e 500) ;(
 
Top