Solved

How to fix "X.509 Certificate Subject CN Does Not Match the Entity"

Posted on 2016-08-09
Last Modified: 2016-08-10
How do we fix the above?

In one site, a VA scan identified this.
Question by:sunhux

Accepted Solution

by:
Learnctx earned 500 total points
ID: 41748493
You will have this when the certificate common name does not match the name of the domain for the host, or does not contain a matching subject alternate name (SAN). For example, you have a server called server1 in the domain yourdomain.com. The URL is https://server1.yourdomain.com. You find this name is not very friendly, so you create a DNS record pointing to server1.yourdomain.com called myapp.yourdomain.com. The user goes to https://myapp.yourdomain.com. The browser will throw an error saying that the certificate is not trusted because the URL does not match the certificate name.

To fix this you would need to issue a new certificate with the new name or add a subject alternate name to the certificate for myapps.yourdomain.com.
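The name check described in the answer above, as an added example that is not part of the original post: it compares a requested hostname with a certificate's subject CN and SAN DNS entries, using the server1/myapp names from the answer. The function names and the sample certificate values are constructed for illustration, and the matching is simplified from RFC 6125 (SAN entries take precedence over the CN; a wildcard covers only the left-most label).

```python
"""Constructed example: does a certificate's name set cover a hostname?"""

def name_matches(pattern, host):
    """Compare one certificate name with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard stands for exactly one left-most label, never a whole suffix.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_matches(host, subject_cn, san_dns):
    """Return (matched, reason).

    If the certificate carries SAN DNS entries they are authoritative and the
    CN is ignored; the CN is only a legacy fallback when no SAN is present.
    """
    if san_dns:
        for name in san_dns:
            if name_matches(name, host):
                return True, "SAN " + name
        return False, "no SAN entry matches"
    if subject_cn and name_matches(subject_cn, host):
        return True, "CN " + subject_cn
    return False, "CN does not match"

def unmatched_hosts(hosts, subject_cn, san_dns):
    """List the hostnames a scanner or browser would flag for this certificate."""
    return [h for h in hosts if not cert_matches(h, subject_cn, san_dns)[0]]

# Constructed sample data mirroring the scenario in the answer.
HOSTS = ["server1.yourdomain.com", "myapp.yourdomain.com"]
ORIGINAL_CERT = {"subject_cn": "server1.yourdomain.com", "san_dns": []}
REISSUED_CERT = {
    "subject_cn": "server1.yourdomain.com",
    "san_dns": ["server1.yourdomain.com", "myapp.yourdomain.com"],
}

if __name__ == "__main__":
    for label, cert in (("original", ORIGINAL_CERT), ("reissued", REISSUED_CERT)):
        flagged = unmatched_hosts(HOSTS, **cert)
        print(label, "certificate, flagged hostnames:", flagged or "none")
```
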

Author Comment

by:sunhux
ID: 41748575
Thanks very much.

So I have to obtain a new cert (if it is not a self-signed cert) from the CA
for myapps.yourdomain.com?

If this is left alone as such, is it considered a security vulnerability/risk?

Assisted Solution

by:Learnctx
Learnctx earned 500 total points
ID: 41749605
No, it is not a security risk as such, just bad practice. Your browser, for example, would suggest that your connection may not be secure because it could be a possible MiTM attack. But as long as you recognise the cert as the one you installed, you can ignore the warning. If it were a customer-facing site you would want to fix it, otherwise that's just embarrassing. If it's something internal... depends how much you care. Issuing a new certificate should be a fairly straightforward procedure and take a couple of minutes. Me personally, I would prefer to fix it because I like to cross my t's and dot my i's, and installing a new cert is a trivial task.