You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/12/07 18:32:11 UTC
DO NOT REPLY [Bug 52301] New: Error message "RSA server certificate
... CN ... does NOT match server name" should give the server name
https://issues.apache.org/bugzilla/show_bug.cgi?id=52301
Bug #: 52301
Summary: Error message "RSA server certificate ... CN ... does
NOT match server name" should give the server name
Product: Apache httpd-2
Version: 2.2.17
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: worley@alum.mit.edu
Classification: Unclassified
When the server name that Apache determines does not match the certificate CN
it produces an error message in this format:
[Tue Dec 06 12:21:17 2011] [warn] RSA server certificate CommonName (CN)
`baatara.usae.avaya.com' does NOT match server name!?
Unfortunately, the message includes the CN found but not the server name that
Apache is using, which makes it quite difficult to guess what might be going
wrong if the CN is in fact the desired server name but the server name that
Apache determines is not correct.
(The configuration file did not include a ServerName directive and some aspect
of the /etc/hosts file confused Apache, leading to Apache choosing the wrong
server name.)
This situation would be easier to diagnose if this error message included the
server name that Apache was matching with the CN. In my case, this would
result in something like:
[Tue Dec 06 12:21:17 2011] [warn] RSA server certificate CommonName (CN)
`baatara.usae.avaya.com' does NOT match server name 'localhost4'!?
This message would have given me strong hints as to where the problem lay.
I suspect that this change would be simple to make.
This may be related to bug reports 10346 and 37911.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 52301] Error message "RSA server certificate ...
CN ... does NOT match server name" should give the server name
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52301
Dale Worley <wo...@alum.mit.edu> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |worley@alum.mit.edu
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org