CN error

Patrick Lizama
Misconfiguration of certificate's CN and virtual name. The certificate CN has ww2.scryptions. We expected www2.scryptions.com as virtual name.
Fractional CTO
Distinguished Expert 2018
Commented:
Here are the subjective site names covered by your cert.

imac> echo QUIT | openssl s_client -crlf -servername scryptions.com -connect scryptions.com:443 2>/dev/null | openssl x509 -noout -text | egrep DNS:
                DNS:www1.scryptions.com, DNS:www.www1.scryptions.com



Note: There is no coverage for either scryptions.com or www.scryptions.com so the cert has likely been generated incorrectly + will not cover the hosts normally covered for HTTPS access.

Note: https://www.ssllabs.com/ssltest/analyze.html?d=www1.scryptions.comb shows your SSL config as an F Score. Should be an A+ Score.

Your SSL config is insecure + highly hackable. Currently major browsers seem to visit your site without complaint, right now. As browsers increase their security requirements, likely there will come a day when your site is reported to visitors as suspicious by all major browsers.

The www2.scryptions.com does not appear, so is not covered by this cert.

Trying the above command with www2.scryptions.com hangs, because there's no port 443 listener.

Suggestion: Looks like it might be best for you to hire someone to sit down with you + talk through the exact site coverage you require.

Use either a simple or wildcard, free, https://LetsEncrypt.org with auto-renewal to handle your use cases.

Target: Have a look at https://www.ssllabs.com/ssltest/analyze.html?d=davidfavor.com&latest + have your tech people target this type of score.
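
The coverage check described in the answer above, as an added example that is not part of the original post: it parses the DNS entries from `openssl x509 -noout -text` output and reports which required hostnames the certificate covers, including the one-label wildcard rule that matters if a wildcard cert is chosen. The sample text is constructed from the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the SAN section as printed by the openssl command quoted above.
SAMPLE_OPENSSL_TEXT = """
            X509v3 Subject Alternative Name:
                DNS:www1.scryptions.com, DNS:www.www1.scryptions.com
"""

def extract_dns_sans(x509_text):
    """Return lower-cased DNS names found in `openssl x509 -noout -text` output."""
    return [m.lower().rstrip(".") for m in re.findall(r"DNS:([^,\s]+)", x509_text)]

def name_matches(pattern, host):
    """RFC 6125 style match: '*' is honoured only as the entire left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Require at least two labels after the wildcard (rejects "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def coverage(sans, required_hosts):
    """Map each required host to the SAN entry that covers it, or None."""
    return {h: next((s for s in sans if name_matches(s, h)), None)
            for h in required_hosts}

if __name__ == "__main__":
    sans = extract_dns_sans(SAMPLE_OPENSSL_TEXT)
    hosts = ["scryptions.com", "www.scryptions.com",
             "www1.scryptions.com", "www2.scryptions.com"]
    for host, san in coverage(sans, hosts).items():
        print(f"{host:25} {'covered by ' + san if san else 'NOT COVERED'}")
```

To run it against a live certificate, pipe the text produced by the `openssl x509 -noout -text` command into `extract_dns_sans` instead of the constructed sample.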
Patrick Lizama, Systems Administrator

Author

Commented:
I should have mentioned that the www2 is internal and I am transitioning the www1 to www2 due to an upgrade with PHP and MySQL, which is the reason due to those security concerns. I have checked the cert from Comodo and it does show www2 in both the crt and the key.
Patrick Lizama, Systems Administrator

Author

Commented:
Thank you as you have given me many things to look at.
