Solved

Server Name Doesn't Match Certificate Error in Windows Apache 2.2

Posted on 2011-03-14
5
693 Views
Last Modified: 2012-05-11
We are setting up an apache reverse proxy w/ ssl.  We have the reverse proxy working w/o ssl.  Need it working with ssl.  Created a certificate w/ the CN=proxy.domain.com where domain is replaced by our domain name.  We have servername and namevirtualhost commands setup to support proxy.domain.com.  Getting an error in the logs, the cipproxy.localhost-error.log file =
[Mon Mar 14 07:41:26 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Mar 14 07:41:26 2011] [warn] RSA server certificate CommonName (CN) `proxy.dmain.com' does NOT match server name!?
I undertsand the first line to relate to the fact we are using a self-cert.  The second line is the issue. Can anyone shed some light, remember this is a windows version of apache run on a 2k3 server box.  I can post partial configs if needed
Thanks.
0
Comment
Question by:jtmoske
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 9

Expert Comment

by:fcontrepois
ID: 35139494
Every certificate must have the domain name as it's CN field.

One certificate per domain, unless you use e wildcard domain like *.mydomain.com
0
 

Author Comment

by:jtmoske
ID: 35139538
Thank you for the response, isn't that what I have the CN=proxy.domain.com where domain.com is the domain is our actual domain.
0
 
LVL 9

Accepted Solution

by:
fcontrepois earned 250 total points
ID: 35139606
if your virtualhost is called proxy.domain.com apache will be happy.

Create a new certificate and put the domain name that's called by clients OR
create a new certificate with cn=*.domain.com
0
 

Author Comment

by:jtmoske
ID: 35139823
That is where my issue is.  I do have the virtualhost called proxy.domain.com.  But I still get the error.  I can also try to make a cert with *.domain.com.  Will follow up.
0
 

Author Closing Comment

by:jtmoske
ID: 35140814
Thank you, I found the error in the config file, there was another entry with server name command later in the file.  Removed that and went well.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question