let me guess, your problem has something to do with your certificate not supporting wildcards for the sub-domains.
On Fri, Apr 11, 2008 at 1:00 PM, Sir June <[EMAIL PROTECTED]> wrote: > Our off-shore security consultant sent me an email about a security issue > on our webserver. > > "The subject's common name (CN) field in the x.509 certificate should be > fixed to reflect the name of the entity presenting the certificate (e.g. the > hostname). This is done by generating a new certificate. ISSUE: X.509 > certificate does not match the entity name. " > > i ran: # openssl x509 -noout -text -in server.crt > > .... > Subject: serialnurmber=<series of numbers here> > O=MIS Division, C=PH, ST,=Manila,OU=MIS > Unit,CN=www.ourdomain.com<http://www.ourwebsite.com> > .... > > my server's hostname are: linux1.ourdomain.com, linux2.ourdomain.com, > linux3.ourdomain.com and they are in a load-balancer's rotation for > http://www.ourdomain.com > > i don't know much about x.509 and i want to understand a little more. > Verisign is the CA on my certificate. > > Does the CN value needs to match the server's hostname? How do i fix > this? > > > thanks, > sirjune > > > > > > > > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph >
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
