Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

RSA server certificate CommonName (CN) 'www.mydomain.com' does NOT match server name!?

Posted on 2009-04-26
15
Medium Priority
?
4,050 Views
Last Modified: 2013-11-16
I keep getting the following messages in my Apache logs:

RSA server certificate CommonName (CN) 'www.mydomain.com' does NOT match server name!?

I believe this is because in my DNS www.mydomain.com is a CNAME for mydomain.com. For the end-user everything looks fine and I have done a number of SSL tests and there are no problems, but is there a way to fix this problem so that it does not appear in the logs?
0
Comment
Question by:sypder
  • 8
  • 7
15 Comments
 
LVL 51

Accepted Solution

by:
Steve Bink earned 1500 total points
ID: 24248307
In your virtual host declaration, make sure the ServerName directive matches the common name assigned to the certificate.  For example, this will generate the same warning:

ServerName mydomain.com
ServerAlias www.mydomain.com

This will not:

ServerName www.mydomain.com
ServerAlias mydomain.com
0
 
LVL 3

Author Comment

by:sypder
ID: 24254546
Makes total sense. But unfortunately, all of my directories are setup on mydomain.com and all my certs are bought for www.mydomain.com and changing it at this point would be a pain (it has been like this for many years). This does not appear to cause any problems for the user, is there a way I can tell Apache to not worry about this?
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 24255979
>>> [ ... ] and changing it at this point would be [ ... ]

... as simple as changing the ServerName directive in the site's virtual host definition to match the certificate's CN.  Why do you think it would more difficult?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:sypder
ID: 24256460
The reason I thought it would be more complicated than that is that I use Plesk, and my understanding is that Plesk maintains the virtual host definition. So if I manually change it, Plesk would overwrite that change. Plesk also does not have a feature to change domain name. So I would have to setup a new domain name and then move the files over, which would also give the files a new absolute path.
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 24256736
While it is true that fiddling with the configuration files is an exercise in futility with Plesk, you can rename the domain.  When you click on an individual domain, the "Rename Domain" option should be in the top menu.  It may depend on the version that you are using, though.  If you don't have that option in your version, then yes, you are stuck with the hard way - destroy and recreate.  

FYI, you do not need to rename the domain to "www.mydomain.com".  You would need to name it "mydomain.com" and check the "www" box.
Plesk-rename-domain.jpg
0
 
LVL 3

Author Comment

by:sypder
ID: 24256751
So bizarre... Mine looks almost identical, but without that button. Under domains I have:

Switch Off
Report
Limits
Domain Aliases
Domain Administrator
Register
MyPlesk.com
Buy Pictures
Back up
Custom Buttons
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 24256773
Are you also the systems administrator?  Perhaps that menu item was removed in the UI template assigned to your client account?

Still, the hard way is not too hard.  Backup your content, remove the domain, recreate, copy the content back.  Should take about 5 minutes, plus copy time.  The good news you should only need to do this once.  It could be a bit more complicated if you use, for example, DNS settings or subdomain configurations.  The real question you need to ask is if it is worth the effort to prevent an otherwise nonconsequential warning message from appearing in your logs.
0
 
LVL 3

Author Comment

by:sypder
ID: 24281513
I was just about to close-out this task and award you the points, when I re-read your comment:

'FYI, you do not need to rename the domain to "www.mydomain.com".  You would need to name it "mydomain.com" and check the "www" box.'

I believe this is what I have, the domain name is mydomain.com and the www is checked when I setup the domain.
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 24284353
That's how I've always set domains up in Plesk, and never had issues with certificate mismatches.  Unfortunately, without the "Rename Domain" option, the only way to know for sure is to recreate it.
0
 
LVL 3

Author Comment

by:sypder
ID: 24287744
Okay, I finally found the "rename" option, for me it is under the Domain Administrator section and not a seperate button. And it does seem to be right... You know, recently I had The Planet do a server hardening and I wonder if they turned on some additional certificate checking? I am not 100% sure, but I do not recall seeing this warnings before that.
Untitled-1.jpg
0
 
LVL 3

Author Comment

by:sypder
ID: 24292246
I added the following two lines to vhost_ssl.conf:

ServerName   www.mydomain.com:443
ServerAlias  mydomain.com

I believe that solved my problem.
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 24292985
Do you remember what the ServerName/Alias were before you changed them?
0
 
LVL 3

Author Comment

by:sypder
ID: 24301000
Yeah, in httpd.include (maintained by Plesk) it is

ServerName mydomain.com:443
ServerAlias www.mydomain.com

I left this there since it is maintained by Plesk, but it appears that if there are conflicting instructions vhost_ssl.conf wins.
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 24301077
IIRC, the vhost_ssl.conf file is used for customized options.  You should see the include directive for it in the one maintained by Plesk.  Apache uses the last values assigned, so that much makes sense.  I'm still not sure why Plesk is choosing www as the alias, though.  Maybe just one of those mysteries that you have to work around...
0
 
LVL 3

Author Comment

by:sypder
ID: 24310422
Yeah, it seems like a reasonable fix. So I will just go with it and not worry. Thanks for your help!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question