The cert in use is for *.apache.org and does not have a Subject
Alternate Name for just apache.org without a subdomain.
This leaves 2 primary course of actions:
- request the vendor we got our cert from (Symantec) add the SAN and
reissue. They sometimes will do so.
- buy and install a cert for apache.org for the website without www. and
redir to the www.apache.org website
Other courses of action:
- remove the DNS entry for A/CNAME for apache.org so it doesn't resolve
to anything
- ignore the issue (it's been reported a few times already and likely
won't stop)
Regards,
KAM
On 5/22/2015 12:36 AM, vamsi katepalli wrote:
Hi,
This Url works for me https://www.apache.org but it gives the same
error for https://apache.org <https://apache.org/>
On Thu, May 21, 2015 at 11:03 PM, Niclas Hedhman <nic...@hedhman.org
<mailto:nic...@hedhman.org>> wrote:
I am not sure who should be contacted, but https://apache.org
doesn't match
the *.apache.org <http://apache.org> SSL Certificate and one gets
a big fat warning in modern
browsers that the site shouldn't be trusted.
I think it needs to be corrected...
Cheers
--
Niclas Hedhman, Software Developer
http://zest.apache.org - New Energy for Java
