On Mon, 2023-05-01 at 23:41 +0100, Barry wrote:
>
>
> > On 1 May 2023, at 23:22, Patrick O'Callaghan
> > <pocallaghan@xxxxxxxxx> wrote:
> >
> > My small web server appears to be working and even has https,
> > however
> > I've noticed this in /var/log/httpd/ssl_error_log:
> >
> > [...] AH01909: bree.org.uk:443:0 server certificate does NOT
> > include an ID which matches the server name
> >
> > The ServerName is set to bree.org.uk, and that's the name under
> > which I
> > obtained the certificate, so I'm not sure what's going on here.
>
> Have openssl turn your cert into readable text to check.
> From memory its this command.
>
> $ openssl x509 -in your-cert -noout -text
>
> Does it include SNI and your domain name?
# openssl x509 -in cert.pem -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:ff:0e:50:c1:ee:21:26:7d:96:d1:97:5e:45:5a:d3:74:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = Let's Encrypt, CN = R3
Validity
Not Before: May 1 21:20:11 2023 GMT
Not After : Jul 30 21:20:10 2023 GMT
Subject: CN = bree.org.uk
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:68:eb:44:a1:68:a8:f9:a0:54:ee:6e:ec:15:02:
5c:e8:a7:39:d0:32:11:9d:d4:71:52:85:64:49:74:
ca:cf:f3:ed:b5:c3:3c:45:cb:62:0d:4a:9b:cb:ae:
27:51:aa:f8:22:65:dc:6d:8f:e7:5c:39:bd:28:a4:
5e:d8:10:18:0b
ASN1 OID: prime256v1
NIST CURVE: P-256
...
There is no SNI entry.
poc
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
