>-----Original Message-----
>From: Aihong Yin [mailto:[EMAIL PROTECTED]]
>Sent: Mittwoch, 29. Januar 2003 11:00
>To: [EMAIL PROTECTED]
>Subject: [warn] RSA server certificate CommonName (CN) `yin.*' does NOT
>match server name!?
>
>
>Hello all,
>
>I am trying to setup my server (apache 2.0.43, opensl 0.9.6g on RedHat
>7.1).
>
>I have created a SSL server certificate using a self-made CA, and am
>sure that
>the Common Name in the Server Certificate und ServerName in http.conf
>file are
>the same "yin.fokus.gmd.de", which is identical with the host address.
Really? Are you sure you have the line:
ServerName yin.fokus.gmd.de
in the SSL VH config?
If so, are you sure the certificate's common name is yin.fokus.gmd.de?
Don't just say "Yes", check it with:
openssl x509 -subject -in /path/to/cert
then see what "CN=" is set to.
>
>I now start apache with "apachect1 startssl"and get the
>following message
>in error_log file, but no errors in the console
>---->
>[Wed Jan 29 08:34:02 2003] [warn] RSA server certificate
>CommonName (CN)
> `yin.fokus.gmd.de' does NOT match server name!?
>[Wed Jan 29 08:34:03 2003] [notice] Digest: generating secret
>for digest
>authentication ...
>[Wed Jan 29 08:34:03 2003] [notice] Digest: done
>[Wed Jan 29 08:34:04 2003] [warn] RSA server certificate
>CommonName (CN)
>`yin.fokus.gmd.de' does NOT match server name!?
>[Wed Jan 29 08:34:05 2003] [notice] Apache/2.0.43 (Unix)
>mod_ssl/2.0.43
>OpenSSL/0.9.6g DAV/2 configured
>-- resuming normal operations
><---
>
>if I try and access the secure site (https://yin.fokus.gmd.de)
>I get the
>following error message in browser
> (but I can start the normal site http://yin.fokus.gmd.de):
>------>
>The server's certificate has an invalid signature. You will
>not be able
>to connect to this site securely.
><------
Your domain name is not in public DNS so I suppose you do this locally.
Anyway, I suppose it means that the browser cannot verify the
certificate authority who signed the cert. If it is self-signed, that is
hardly suprising. It should, however, allow you in if you just clikc
"OK" anyway.
Rgds,
Owen Boyle
>
>Thanks a lot for any helps.
>
>Best Regards,
>Aihong Yin.
>
>
>
>
>--
>
>
>
>
>
>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
