i am probably stupid for trying to answer since I know
virtually nothing about this stuff.

but....

if i wrote the protocol, i would do a reverse lookup on the
ip address i was communicating with and check that name
against the certificate name.  if you are using a cname, they
will not match.

i am sure someone will correct me if i am wrong.

cliff rayman
genwax.com

Franky Van Liedekerke wrote:

> Hi,
>
> I created a server certificate with the CN=webmail.pandora.be, and in
> DNS this webmail.pandora.be is a CNAME.
> Now I created a virtualhost in apache with
> ServerName=webmail.pandora.be, but when I connect to the server, I get
> in my ssl_error logfile:
>
> ssl_error_log:[Wed Dec 15 03:19:14 1999] [error] mod_ssl: SSL handshake
> failed (client 209.227.16.35, server webmail.pandora.be:443) (OpenSSL
> library error follows)
> ssl_error_log:[Wed Dec 15 03:19:14 1999] [error] OpenSSL:
> error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> [Hint: Subject CN in certificate not server name!?]
>
> Does this mean that webmail.pandora.be should not be a CNAME?
>
> Franky
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
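
An added example, not part of the thread: the name check that RFC 2818 and RFC 6125 describe for TLS clients, where the certificate's names are compared with the hostname the client requested. The certificate dict follows the layout of Python's `ssl.SSLSocket.getpeercert()` and is constructed; `mailhost.example.net` is a hypothetical CNAME target.

```python
# Added example: RFC 6125-style matching of a requested hostname against a
# certificate. The dict layout follows ssl.SSLSocket.getpeercert(); all
# values below are constructed for illustration.

def _label_match(pattern: str, host: str) -> bool:
    """Compare one presented name with the reference hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    # A wildcard is honoured only as the complete left-most label.
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def presented_names(cert: dict) -> list:
    """dNSName SAN entries if any exist, otherwise the subject CN values."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def hostname_matches(cert: dict, requested_host: str) -> bool:
    """True when the name the client asked for appears in the certificate."""
    return any(_label_match(n, requested_host) for n in presented_names(cert))


# Constructed certificate carrying only the CN from the post.
CERT = {"subject": ((("commonName", "webmail.pandora.be"),),)}
# Hypothetical CNAME target (assumption): shown only to contrast the result
# with the name the client actually requested.
CNAME_TARGET = "mailhost.example.net"

if __name__ == "__main__":
    for host in ("webmail.pandora.be", "WEBMAIL.pandora.be.", CNAME_TARGET):
        print(host, "->", hostname_matches(CERT, host))
```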
