• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5373
  • Last Modified:

How to fix "X.509 Certificate Subject CN Does Not Match the Entity"

How do we fix the above ?

In one site VA scan identified this
0
sunhux
Asked:
sunhux
  • 2
2 Solutions
 
LearnctxEngineerCommented:
You will have this when the certificate common name does not match the name of the domain for host, or does not contain a matching subject alternate name (SAN). For example you have a server called server1 in the domain yourdomain.com. The URL is https://server1.yourdomain.com. You find this name is not very friendly so you create a DNS record pointing to server1.yourdomain.com called myapp.yourdomain.com. The user goes to https://myapp.yourdomain.com. The browser will throw an error saying that the certificate is not trusted because the URL does not match the certificate name.

To fix this you would need to issue a new certificate with the new name or add a subject alternate name to the certificate for myapps.yourdomain.com.
1
 
sunhuxAuthor Commented:
Thanks very much.

So I have to obtain a new cert (if it is not self-signed cert) from the CA
for myapps.yourdomain.com ?

If this is left alone as such, is it considered a security vulnerability/risk?
0
 
LearnctxEngineerCommented:
No it is not a security risk as such just bad practice. Your browser for example would suggest that your connection may not be secure because it could be a possible MiTM attack. But, as long as you recognise the cert as the one you installed you can ignore the warning. If it were a customer facing site you would want to fix it, otherwise that's just embarrassing. If its something internal...depends how much you care. Issuing a new certificate should be a fairly straight forward procedure and take a couple of minutes. Me personally I would prefer to fix it because I like to cross my t's and dot my i's and installing a new cert is a trivial task.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now