?
Solved

Server Name Doesn't Match Certificate Error in Windows Apache 2.2

Posted on 2011-03-14
5
Medium Priority
?
700 Views
Last Modified: 2012-05-11
We are setting up an apache reverse proxy w/ ssl.  We have the reverse proxy working w/o ssl.  Need it working with ssl.  Created a certificate w/ the CN=proxy.domain.com where domain is replaced by our domain name.  We have servername and namevirtualhost commands setup to support proxy.domain.com.  Getting an error in the logs, the cipproxy.localhost-error.log file =
[Mon Mar 14 07:41:26 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 07:41:26 2011] [warn] RSA server certificate CommonName (CN) `proxy.dmain.com' does NOT match server name!?
I undertsand the first line to relate to the fact we are using a self-cert.  The second line is the issue. Can anyone shed some light, remember this is a windows version of apache run on a 2k3 server box.  I can post partial configs if needed
Thanks.
0
Comment
Question by:jtmoske
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 9

Expert Comment

by:fcontrepois
ID: 35139494
Every certificate must have the domain name as it's CN field.

One certificate per domain, unless you use e wildcard domain like *.mydomain.com
0
 

Author Comment

by:jtmoske
ID: 35139538
Thank you for the response, isn't that what I have the CN=proxy.domain.com where domain.com is the domain is our actual domain.
0
 
LVL 9

Accepted Solution

by:
fcontrepois earned 1000 total points
ID: 35139606
if your virtualhost is called proxy.domain.com apache will be happy.

Create a new certificate and put the domain name that's called by clients OR
create a new certificate with cn=*.domain.com
0
 

Author Comment

by:jtmoske
ID: 35139823
That is where my issue is.  I do have the virtualhost called proxy.domain.com.  But I still get the error.  I can also try to make a cert with *.domain.com.  Will follow up.
0
 

Author Closing Comment

by:jtmoske
ID: 35140814
Thank you, I found the error in the config file, there was another entry with server name command later in the file.  Removed that and went well.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question