Re: More fun with SSL certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> Am 02.05.2023 um 15:25 schrieb Jeffrey Walton <noloader@xxxxxxxxx>:
> 
> On Tue, May 2, 2023 at 6:22 AM Patrick O'Callaghan
> <pocallaghan@xxxxxxxxx> wrote:
>> 
>> On Mon, 2023-05-01 at 23:41 +0100, Barry wrote:
>>> 
>>> 
>>>> On 1 May 2023, at 23:22, Patrick O'Callaghan
>>>> <pocallaghan@xxxxxxxxx> wrote:
>>>> 
>>>> My small web server appears to be working and even has https,
>>>> however
>>>> I've noticed this in /var/log/httpd/ssl_error_log:
>>>> 
>>>> [...] AH01909: bree.org.uk:443:0 server certificate does NOT
>>>> include an ID which matches the server name
>>>> 
>>>> The ServerName is set to bree.org.uk, and that's the name under
>>>> which I
>>>> obtained the certificate, so I'm not sure what's going on here.
>>> 
>>> Have openssl turn your cert into readable text to check.
>>> From memory its this command.
>>> 
>>> $ openssl x509 -in your-cert -noout -text
>>> 
>>> Does it include SNI and your domain name?
>> 
>> # openssl x509 -in cert.pem -noout -text
>> Certificate:
>>    Data:
>>        Version: 3 (0x2)
>>        Serial Number:
>>            04:ff:0e:50:c1:ee:21:26:7d:96:d1:97:5e:45:5a:d3:74:09
>>        Signature Algorithm: sha256WithRSAEncryption
>>        Issuer: C = US, O = Let's Encrypt, CN = R3
>>        Validity
>>            Not Before: May  1 21:20:11 2023 GMT
>>            Not After : Jul 30 21:20:10 2023 GMT
>>        Subject: CN = bree.org.uk
>>        Subject Public Key Info:
>>            Public Key Algorithm: id-ecPublicKey
>>                Public-Key: (256 bit)
>>                pub:
>>                    04:68:eb:44:a1:68:a8:f9:a0:54:ee:6e:ec:15:02:
>>                    5c:e8:a7:39:d0:32:11:9d:d4:71:52:85:64:49:74:
>>                    ca:cf:f3:ed:b5:c3:3c:45:cb:62:0d:4a:9b:cb:ae:
>>                    27:51:aa:f8:22:65:dc:6d:8f:e7:5c:39:bd:28:a4:
>>                    5e:d8:10:18:0b
>>                ASN1 OID: prime256v1
>>                NIST CURVE: P-256
>> ...
> 
> CN = R3 does not match Apache's ServerName.

CN = R3 refers to the issuer, not your web server. As far as I can see, your certificates is OK.






--
Peter Boy
https://fedoraproject.org/wiki/User:Pboy
pboy@xxxxxxxxxxxxxxxxx

Timezone: CET (UTC+1) / CEST (UTC+2)


Fedora Server Edition Working Group member
Fedora docs team contributor
Java developer and enthusiast


_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux