Solved

OS X Webserver

Posted on 2013-05-17
5
226 Views
Last Modified: 2013-06-14
I am helping an IT team that is having a problem with their OS X Leopard webserver and an ssl certificate.

A couple of months ago the server hard drive crashed and they rebuilt the server. The server is only hosting their website and no dns. The logs are showing that the host name does not match the certificate.

I have no experience with web servers nor ssl certificates.

How do we go about resolving this issue.
0
Comment
Question by:mail2clk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 25

Accepted Solution

by:
Cyclops3590 earned 500 total points
ID: 39175657
fix the hostname of the server.  part of the ssl cert validation is looking at the name in the cert being sent and the name you're using to connect to the server.  for example.  let's say that you have a cert that is used to validate www.example.com with a real name of webserver.example.com.  You would be able to connect to the webpage using either name successfully; however, if you connect using webserver.example.com it'll complain the hostname doesn't match because the cert is validating www.example.com, not webserver.example.com thus a discrepancy.

you have a couple options.

1) rename the server to use the name in the cert
2) add a CNAME DNS record to point to the new name
    OR just create a new A record that points to the server IP directly
0
 

Author Comment

by:mail2clk
ID: 39175775
The dns is hosted externally i.e. example.com. The certificate has the host1.example.com. Renaming the server to "host1"alone would correct this issue? Do I need to have an internal dns server configured?
Picture-3.png
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39175838
possibly.  when a user goes to the site host1.example.com the site presents an ssl cert and that cert has a name in it.  my guess of what happened is that when it was rebuilt the cert wasn't recreated and signed by a cert authority using the host1.example.com name but rather the name of the server it was configured with.

the cert is what needs to be fixed, not necessarily the hostname.  i haven't done ssl cert generation on osx before.  i just raised the changing of the hostname on the server to be the cert as sometimes the cert will be auto regenerated for the new name.  pry not in this case though

so what you need to do is generate a new cert on the server and for the "common name" when filling in all the info you need to put host1.example.com.  you then need to create a cert req that will be sent to verisign or whomever you want to have sign your cert for trustworthness (whomever did the original before the crash) unless it is self signed of course.  then load the new private/public key pair into the web server.  after that you'll be fine.
0
 

Author Comment

by:mail2clk
ID: 39175864
they want to keep the host1.example .com on the certificate. Its changing the name on the server is the problem. Its called server.local.

On a test server osx server my current hostname server01.test.com and dns hostname server01.test.com  match. I have a dns server installed and configured and the servers dns points to the ip address of the server.

Is this how we should configure the production server in order for the ssl certificate to work correctly?
0
 
LVL 25

Expert Comment

by:Cyclops3590
ID: 39175913
yes.  so when you type https://host1.example.com/ into the browser, you can see an icon somewhere that gives you access to view the properties of the ssl cert the site uses.  that cert should have a common name associated with it of host1.example.com.  even if its something small like visiting the page https://host1/ without the domain name it won't match the certificate and will cause an error to be presented.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question