RSA server certificate CommonName (CN) does NOT match server name

loopforever

Verified User
Joined
May 30, 2003
Messages
298
Location
/home/admin
Hi all,

Really stumped here - hoping someone can help shed some light on an SSL problem I'm having.

The problem: On this particular server, I have exactly one SSL certificate. It belongs to the primary IP address of the server. This primary IP is shared among a number of other vhosts. Upon starting Apache, I get the following error in my error_log:

Code:
[Fri Jun 27 19:03:45 2008] [warn] RSA server certificate CommonName (CN) `secure.mydomain.com' does NOT match server name!?

Several times.

Here is the entry for this virtual host from its appropriate httpd.conf file:

Code:
<VirtualHost 1.2.3.4:443>

        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key


        ServerName www.secure.mydomain.com
        ServerAlias www.secure.serveio.com secure.mydomain.com
        ServerAdmin [email protected]
        DocumentRoot /home/sslaccount/domains/secure.mydomain.com/private_html
        ScriptAlias /cgi-bin/ /home/sslaccount/domains/secure.mydomain.com/public_html/cgi-bin/

        UseCanonicalName OFF

        SuexecUserGroup sslaccount sslaccount
        CustomLog /var/log/httpd/domains/secure.mydomain.com.bytes bytes
        CustomLog /var/log/httpd/domains/secure.mydomain.com.log combined
        ErrorLog /var/log/httpd/domains/secure.mydomain.com.error.log

        <Directory /home/sslaccount/domains/secure.mydomain.com/private_html>
                Options +Includes -Indexes

                php_admin_flag engine ON
                <IfModule !mod_php6.c>
                        php_admin_flag safe_mode ON
                </IfModule>
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f [email protected]'
        </Directory>
</VirtualHost>

The certificate from /etc/httpd/conf/ssl.crt/server.crt (openssl x509 -in server.crt -noout -subject) reads as follows:

Code:
subject= /C=US/O=secure.mydomain.com/OU=GT97384851/OU=See www.rapidssl.com/resources/cps (c)07/OU=Domain Control Validated - RapidSSL(R)/CN=secure.mydomain.com

It's important to note that this particular certificate worked fine on this machine for several years. Some recent upgrading has broken something, but I can't put my finger on the source.

I have tried having DA rewrite all the httpd.confs. No avail. I also manually changed the ServerName directive for this vhost (by removing the www. so as to match it exactly to the SSL cert (no www.)). No luck.

If anyone has experienced this before, or has any advice, please let me know. I'm really pulling my hair out here :p!!!

Thanks in advance!
 
Is it working now? A warning is not an error.

What's the output of
Code:
$ hostname

What's the real domain name of the certificate?

Jeff
 
It may be a warning but as a result my httpd doesnt start anymore, so that i would define as a big error
 
And there's no way to move forward on helping you without the information I've asked for.

Jeff
 
Back
Top