You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/12/07 18:32:11 UTC

DO NOT REPLY [Bug 52301] New: Error message "RSA server certificate ... CN ... does NOT match server name" should give the server name

https://issues.apache.org/bugzilla/show_bug.cgi?id=52301

             Bug #: 52301
           Summary: Error message "RSA server certificate ... CN ... does
                    NOT match server name" should give the server name
           Product: Apache httpd-2
           Version: 2.2.17
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: worley@alum.mit.edu
    Classification: Unclassified


When the server name that Apache determines does not match the certificate CN
it produces an error message in this format:

[Tue Dec 06 12:21:17 2011] [warn] RSA server certificate CommonName (CN)
`baatara.usae.avaya.com' does NOT match server name!?

Unfortunately, the message includes the CN found but not the server name that
Apache is using, which makes it quite difficult to guess what might be going
wrong if the CN is in fact the desired server name but the server name that
Apache determines is not correct.

(The configuration file did not include a ServerName directive and some aspect
of the /etc/hosts file confused Apache, leading to Apache choosing the wrong
server name.)

This situation would be easier to diagnose if this error message included the
server name that Apache was matching with the CN.  In my case, this would
result in something like:

[Tue Dec 06 12:21:17 2011] [warn] RSA server certificate CommonName (CN)
`baatara.usae.avaya.com' does NOT match server name 'localhost4'!?

This message would have given me strong hints as to where the problem lay.

I suspect that this change would be simple to make.

This may be related to bug reports 10346 and 37911.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

DO NOT REPLY [Bug 52301] Error message "RSA server certificate ... CN ... does NOT match server name" should give the server name

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=52301

Dale Worley <wo...@alum.mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |worley@alum.mit.edu

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org