Wednesday, March 20, 2013

Apache returns wrong CN Certificate

I was getting a certificate which would show up for issuer and subject a domain corresponding to the fully qualified hostname instead of the domain which the server was supposed to be serving.

It ended up being the directive ServerName which was set as the domain we wanted to serve instead of just localhost. The only way you can leave ServerName as the certificate CN is if the machine's name is the same as the CN. So to be safe:
$ grep ServerName /etc/apache2/apache2.conf
ServerName localhost 
Of course you will use the real ServerName inside the virtual host later on:
<VirtualHost  sample.com:443>
 ...
 ServerName sample.com
 ...
BTW if you fail to set ServerName in apache2.conf you will face a warning like the below:
apache2: Could not reliably determine the server's fully qualified domain name, using 172.16.1.9 for ServerName

No comments:

Followers