Solved

The name on the security certificate is invalid or does not match the name of the site

Posted on 2007-03-19
3
6,110 Views
Last Modified: 2012-06-27
Hi,

I have a problem one of my customers secure server. Thought someone might have thoughts on a quick fix...

On their website www.theirdomain.net they have a link to their secure server which is running Windows server 2003. The secure server is physically in their offices at their company. Their domain theirdomain.net is hosted at a third party webhosting company.

On their home page whenever you click on the link to the secure server you get the message "The name on the security certificate is invalid or does not match the name of the site" - I checked the server and show the following:

1. The secure server is linked to by IP address and does not use a domain
2. The certificate is valid but is in the name theirdomain.com - they do not own the domain theirdomain.com, they own theirdomain.net
3. The certificate was purchased 2 years ago by them. I assume they made a name (.com, .net) mistake when purchasing it originally.

I told them that when you link to a secure server with an IP address in Windows server you will get that message. The certificate cannot be bound to an IP address - it must use a domain name. Since the domain is wrong, they need to use DNS on the Windows server and generate a new certificate with the matching name and link to it by name. I spoke with Verisign and they confirmed this. Verisign will not change the name because they purchased it 2 years ago.

The customer told me that it "was" working without receiving that message up until about 2 weeks ago. ??? and want it working again...

I'm stumped. Is their a way to configure Windows 2003 server so that you can use an SSL certificate via IP address and not receive that message?

I appreciate any thoughts or experience you may have had with this type of thing.

-S

0
Comment
Question by:summerset
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 250 total points
ID: 18751459
>Is their a way to configure Windows 2003 server so that you can
>use an SSL certificate via IP address and not receive that message?

No, there is no way to avoid getting this error if you are referencing a site via IP address.  If there were a way it would be a *huge* security hole.

And I doubt that it was working until 2 weeks ago.  Best gues is that they weren't actually using SSL until about 2 weeks ago and someone made a configuration change of some sort.

Dave Dietz
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
ID: 18751546
I'm in agreement with Dave here - either someone is not "fessing up" or they just don't understand exactly what's happening. Maybe SSL wasn't actually enable for that server until 2 weeks ago and they didn't even know it.  

They will need to purchase a new certificate - and if it's two years old, maybe it's getting ready to expire anyway?  If it's an issue of cost, you can get a certificate from Thawte or Godaddy pretty cheaply these days (i.e., a coupla hundred dollars instead of thousands).
0
 

Author Comment

by:summerset
ID: 18751625
Thanks guys. I appreciate it. I'm going with my first recommendation to them and have them purchase a new certificate. I just needed to hear someone else say it. '-)

Aloha,

-S
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Learn about cloud computing and its benefits for small business owners.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question