?
Solved

How to fix "X.509 Certificate Subject CN Does Not Match the Entity"

Posted on 2016-08-09
3
Medium Priority
?
4,089 Views
Last Modified: 2016-08-10
How do we fix the above ?

In one site VA scan identified this
0
Comment
Question by:sunhux
  • 2
3 Comments
 
LVL 18

Accepted Solution

by:
Learnctx earned 2000 total points
ID: 41748493
You will have this when the certificate common name does not match the name of the domain for host, or does not contain a matching subject alternate name (SAN). For example you have a server called server1 in the domain yourdomain.com. The URL is https://server1.yourdomain.com. You find this name is not very friendly so you create a DNS record pointing to server1.yourdomain.com called myapp.yourdomain.com. The user goes to https://myapp.yourdomain.com. The browser will throw an error saying that the certificate is not trusted because the URL does not match the certificate name.

To fix this you would need to issue a new certificate with the new name or add a subject alternate name to the certificate for myapps.yourdomain.com.
1
 

Author Comment

by:sunhux
ID: 41748575
Thanks very much.

So I have to obtain a new cert (if it is not self-signed cert) from the CA
for myapps.yourdomain.com ?

If this is left alone as such, is it considered a security vulnerability/risk?
0
 
LVL 18

Assisted Solution

by:Learnctx
Learnctx earned 2000 total points
ID: 41749605
No it is not a security risk as such just bad practice. Your browser for example would suggest that your connection may not be secure because it could be a possible MiTM attack. But, as long as you recognise the cert as the one you installed you can ignore the warning. If it were a customer facing site you would want to fix it, otherwise that's just embarrassing. If its something internal...depends how much you care. Issuing a new certificate should be a fairly straight forward procedure and take a couple of minutes. Me personally I would prefer to fix it because I like to cross my t's and dot my i's and installing a new cert is a trivial task.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like me and like multiple layers of protection, read on!
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question