Re: [MLUG] server site certificates (was "network cables?")

[Mikhail Kovalenko <EMAIL:PROTECTED>]

Rob Judd wrote:
> 
> ...This will ask a load of questions.  Most of it is informational, but to
> ensure that you don't get your browser complaining at you with "the site
> name on this certfiicate is not the same as the name of the server" make
> sure that the ___Common Name___ field has the name of your server as given
> by the ServerName directive in httpd.conf.
> 
> Here's what the documentation says (if what I said isn't clear enough):
> Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server
> when OpenSSL prompts you for the "CommonName", i.e. when you generate a
> CSR for a website which will be later accessed via https://www.foo.dom/,
> enter "www.foo.dom" here.

That was it! Not just a Fully Qualified Domain Name, but the one set in
httpd.conf! You see, my machine has a 'www' alias in DNS, so you can
access it by either 'domain.net' or 'www.domain.net'. The ServerName
directive was set to 'www.domain.net' so that Apache would return that
rather than the whole domain's name (for future expansion :). My
certificates were also made for the www.domain.net. However, I tend to
take shortcuts and access the webserver with 'domain.net'. That was the
problem. E-mail was also signed with the same certificates so setting
'mail server' to 'www.domain.net' solved that problem also.

The thing that confused me was that the browser warning didn't present
neither the correct domain name nor the requested URL. It was blank.
It's kinda hard to troubleshoot things like that :)

Thanks, Rob and Blake.
-- 
Misha Kovalenko
Webmaster               Columbia College
Tel.: 573-875-7314      1001 Rogers
Fax: 573=875=7320    Columbia, MO 65216 USA
Please be much notice! http://www.engrish.com
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/