This warning may occur when the configured "ServerName" from apache does not exactly match the COMMON NAME field from the SSL certificate. Example: Show
Apache ServerName domain.com -> Result: apache shows the warning, even though "domain.com" is perfectly covered by the SSL certificate (via it's SAN entry for "domain.com") If you switch ServerName and ServerAlias: ... then the warning will be gone, das "ServerName" now exactly matches the domain name in the COMMON NAME field of the SSL certificate.
I have the following config: I want www.mydomain.com to be the primary domain, but I also want the user to be able to just type mydomain.com and then I redirect them to www. So the the Certificate Name is www.mydomain.com. But with that I keep getting this warning when starting apache:
Everything is working fine though and I also get an A-rating on ssllabs.com. But still this warning bugs me and I'm wondering if I'm maybe missing something here? Obviously the certificate's CN does not match the Server Name, but it still matches an Alias. Is this "bad practice" or is there another way to handle this that does not produce this warning? Should I even care about it? In the end it's just a warning that something might be wrong, but it's not. Or could this cause issues on the client side? So far everything worked fine for me and the users didn't complain, so I guess everything is working correctly. ◾ Sectigo PositiveSSL ▷ 22% 가격 할인 프로모션 진행중. 자세히보기 Apache 에 SSL 인증서 설정 후, 웹서버 재시작시 아래와 같은 에러가 발생한다면 가장 주요 원인은, SSL 설정에서 개인키/서버인증서 각 파일 타입 설정에 맞지 않은 잘못된 타입 파일을 지정하는 경우입니다. RSA certificate configured for xxxx.com:443 does NOT include an ID which matches the server name 원인 예) SSLCertificateKeyFile /인증서파일경로/개인키 ex. domain_xxxxx.key.pem 위와 같은 정상 설정에서, SSLCertificateKeyFile 에 서버인증서를 지정하거나 또는 SSLCertificateFile 에 루트/체인을 지정하는 등입니다. Apache 각 항목에 맞게 파일을 정확하게 지정해야 합니다. (에러 메시지 발생의 가장 흔한 원인) 위 설정값은 그대로 둔채, 실제 경로에 위치한 서버인증서 파일을 완전 삭제 했는데도, 동일한 오류 메시지가 계속 발생한다면, 위 설정은 서버에서 작동되지 않는 설정값입니다. (다른 경로의 설정이 작동하는 중) 어디에 있는 설정값이 실제로 계속 작동중인지 확인하는 방법은 따로 있지 않습니다. SSL 인증서가 설정되는 전체를 대상으로, 설정값을 하나씩 변경해 가면서 차이점 일일히 비교하여 찾아내야 합니다. 인증서 설정시 필요한 각 항목의 파일명 정보는, 발급 완료시 zip 파일내에 '발급내역서 PDF' 파일에 각 첨부 파일의 파일 타입 설명이 되어 있으므로, 설정 작업 전 필히 PDF 내용을 필히 확인해 주셔야 합니다. 참고) Apache SSL 인증서
설치/적용 가이드 When attempting to configure SSL on a server designed to run Apache or potentially another similar web hosting technology, you might end up getting an error that tells you that the server certificate does NOT include an ID which matches the server name. This is technically just a warning and you could theoretically work your way around it. It’s a much better idea to do a little troubleshooting in order to get things working again
like normal. Once you have the server name and certificate matched up, you shouldn’t have to redo any of these steps the next time that you update the system. You may need to regenerate a few things if a simple file edit doesn’t fix things, but once you’ve done so you won’t have to configure files any further. Start by having a look through the You might find that it’s throwing out 443 or another number after each part of the IP address but no other SSL problems. In this case, you might not have told Apache on what ports to listen to. Run Those
running Ubuntu or Debian servers might not have this file or they may find it’s completely empty, unlike those using some versions of Fedora or Red Hat Enterprise Linux. In that case, use In many cases, this should have corrected the problem. If not, then check all the relevant networking issues before proceeding to inspect the certificate situation. Method 2: Regenerating New CertificatesThese warning messages could also come up if you’ve been working with expired certificates that you signed yourself. Should you need to regenerate them, try using If you’re working with a professional signatory firm that provides official World Wide Web certificates, then you should follow the specific instructions provided by your licensing organization. Otherwise, you’ll need to sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout KeyFile -out File, replacing KeyFile and File with the text that you were able to get out of the previous cat command. You should have found the location of two different files, which serve at the input and output for the certificates. Assuming that they were out of date, simply doing this should be enough to fix the error, but you may have to restart the service before it stops throwing warnings out at you. You can also find out a bit more about the certificates that you currently have installed to aid you in the troubleshooting process. To see what name is currently on your certificate to ensure it matches, you can run openssl s_client -showcerts -connect ${HOSTNAME}:443, though you’ll need to put your actual hostname between the brackets. Replace the 443 numeral if you’re having problems with a different port. On the off chance that you have multiple certificates installed on the same device and served from the same IP address, then you’ll need to run openssl s_client -showcerts -connect ${IP}:443 -servername ${HOSTNAME}, replacing IP with your actual IP and filling in the hostname. Once again, you may have to replace 443 with a different numeral to match your specific use case. Keep in mind that you have to ensure that the correct hostname gets specified as an alias or the common name when the CSR got created in the first place.
Kevin is a dynamic and self-motivated information technology professional, with a Thorough knowledge of all facets pertaining to network infrastructure design, implementation and administration. Superior record of delivering simultaneous large-scale mission critical projects on time and under budget. How do you fix server certificate does not include an ID which matches the server name?How to Fix the “Server Certificate Does NOT Include an ID Which Matches the Server Name” Issue (In 3 Steps). Step 1: Open the xampp/apache/conf/extra Directory. The first step is to open up the correct Apache directory in a file browser. ... . Step 2: Edit the httpd-ssl. conf File. ... . Step 3: Restart Apache.. How do I fix server certificate is not valid?How to Fix SSL Certificate Error. Diagnose the problem with an online tool.. Install an intermediate certificate on your web server.. Generate a new Certificate Signing Request.. Upgrade to a dedicated IP address.. Get a wildcard SSL certificate.. Change all URLS to HTTPS.. Renew your SSL certificate.. What does hostname does not match server certificate mean?A common name mismatch error occurs when the common name or SAN of your SSL/TLS Certificate does not match the domain or address bar in the browser. This can happen simply by visiting https://example.com instead of https://www.example.com if the certificate does not have them both listed in the SAN of the certificate.
How do I enable certificates on my server?In IIS Manager, do the following to create a self-signed certificate: In the Connections pane, select your server in the tree view and double-click Server Certificates. In the Actions pane, click Create Self-Signed Certificate. Enter a user-friendly name for the new certificate and click OK.
|