Re: More fun with SSL certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, May 2, 2023 at 6:22 AM Patrick O'Callaghan
<pocallaghan@xxxxxxxxx> wrote:
>
> On Mon, 2023-05-01 at 23:41 +0100, Barry wrote:
> >
> >
> > > On 1 May 2023, at 23:22, Patrick O'Callaghan
> > > <pocallaghan@xxxxxxxxx> wrote:
> > >
> > > My small web server appears to be working and even has https,
> > > however
> > > I've noticed this in /var/log/httpd/ssl_error_log:
> > >
> > > [...] AH01909: bree.org.uk:443:0 server certificate does NOT
> > > include an ID which matches the server name
> > >
> > > The ServerName is set to bree.org.uk, and that's the name under
> > > which I
> > > obtained the certificate, so I'm not sure what's going on here.
> >
> > Have openssl turn your cert into readable text to check.
> > From memory its this command.
> >
> > $ openssl x509 -in your-cert -noout -text
> >
> > Does it include SNI and your domain name?
>
> # openssl x509 -in cert.pem -noout -text
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             04:ff:0e:50:c1:ee:21:26:7d:96:d1:97:5e:45:5a:d3:74:09
>         Signature Algorithm: sha256WithRSAEncryption
>         Issuer: C = US, O = Let's Encrypt, CN = R3
>         Validity
>             Not Before: May  1 21:20:11 2023 GMT
>             Not After : Jul 30 21:20:10 2023 GMT
>         Subject: CN = bree.org.uk
>         Subject Public Key Info:
>             Public Key Algorithm: id-ecPublicKey
>                 Public-Key: (256 bit)
>                 pub:
>                     04:68:eb:44:a1:68:a8:f9:a0:54:ee:6e:ec:15:02:
>                     5c:e8:a7:39:d0:32:11:9d:d4:71:52:85:64:49:74:
>                     ca:cf:f3:ed:b5:c3:3c:45:cb:62:0d:4a:9b:cb:ae:
>                     27:51:aa:f8:22:65:dc:6d:8f:e7:5c:39:bd:28:a4:
>                     5e:d8:10:18:0b
>                 ASN1 OID: prime256v1
>                 NIST CURVE: P-256
> ...

CN = R3 does not match Apache's ServerName.

Jeff
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux