Once upon a time, Jeffrey Walton <noloader@xxxxxxxxx> said: > On Tue, May 2, 2023 at 6:22 AM Patrick O'Callaghan > <pocallaghan@xxxxxxxxx> wrote: > > # openssl x509 -in cert.pem -noout -text > > Certificate: > > Data: > > Version: 3 (0x2) > > Serial Number: > > 04:ff:0e:50:c1:ee:21:26:7d:96:d1:97:5e:45:5a:d3:74:09 > > Signature Algorithm: sha256WithRSAEncryption > > Issuer: C = US, O = Let's Encrypt, CN = R3 > > Validity > > Not Before: May 1 21:20:11 2023 GMT > > Not After : Jul 30 21:20:10 2023 GMT > > Subject: CN = bree.org.uk > > Subject Public Key Info: > > Public Key Algorithm: id-ecPublicKey > > Public-Key: (256 bit) > > pub: > > 04:68:eb:44:a1:68:a8:f9:a0:54:ee:6e:ec:15:02: > > 5c:e8:a7:39:d0:32:11:9d:d4:71:52:85:64:49:74: > > ca:cf:f3:ed:b5:c3:3c:45:cb:62:0d:4a:9b:cb:ae: > > 27:51:aa:f8:22:65:dc:6d:8f:e7:5c:39:bd:28:a4: > > 5e:d8:10:18:0b > > ASN1 OID: prime256v1 > > NIST CURVE: P-256 > > ... > > CN = R3 does not match Apache's ServerName. You are looking at the Issuer field (i.e. the cert that was used to sign this cert). And also, the Subject CN is not referenced by browsers anymore, only the subjectAltName DNS: entries (which were not shown). However, checking the public certificate transparency logs, the above cert is this one: https://crt.sh/?id=9283300806 That has subjectAltName field of "DNS:bree.org.uk", which appears correct. -- Chris Adams <linux@xxxxxxxxxxx> _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
