Re: [apache-ssl] Certificate question

To: apache-ssl@lists.aldigital.co.uk
Subject: Re: [apache-ssl] Certificate question
From: Wyman Eric Miles <wymanm@is.rice.edu>
Date: Thu, 7 May 1998 06:56:26 -0500 (CDT)
Delivered-To: mailing list apache-ssl@lists.aldigital.co.uk
In-Reply-To: <199805070723.QAA05871@mail.tne.net.au>
Mailing-List: contact apache-ssl-help@lists.aldigital.co.uk; run by ezmlm
Organization: http://www.apache-ssl.org
Reply-To: apache-ssl@lists.aldigital.co.uk

This is documented on Netscape's technical support site.  Basically, the
client compares the common name given in the certificate to the URL.  If
the two don't match, you get that error.  For example:

Our test server is pecos.is.rice.edu and I (oops) created a certificate
with a CN of "Rice University" and received that error.  If I create a
certificate with a CN of "(pecos.is.rice.edu|pecos.is|pecos)" I'm covered
for any way visitors can come to the site and they shouldn't receive that
error message; https://pecos or https://pecos.is or
https://pecos.is.rice.edu

You can either use common names like the above that are a series of values
OR'd inside parenthesis or just give the name of the site as it should be
accessed: "ruf.rice.edu"

Wyman

On Thu, 7 May 1998, Steven Bolbot wrote:

> Well I finally got the server up and running :)
> One question I do have though: When I connect with a web browser (in this
> case Netscape) it displays this:
> The certificate that the site 'storm.lightning.tne.net.au' has presented does
> not contain the correct site name. It is possible, though unlikely, that
> someone may be trying to intercept your communication with this site. If you
> suspect the certificate shown below does not belong to the site you are
> connecting with, please cancel the connection and notify the site
> administrator. 
> 
> Exactly where do I put the site name so this error message doesn't come up?
> 
> Thanks
> - SB
> ________________________________________________________________________
>                                                  
>   \  |_)             |                     Steven Bolbot
> |\/ | | __ \   _ \  __|  _` | |   |  __|  sjb@tne.net.au
> |   | | |   | (   | |   (   | |   | |     ICQ: 1221679
> _|  _|_|_|  _|\___/ \__|\__,_|\__,_|_|     http://Minotaur.home.ml.org
>                                           
>     Go to
> <http://minotaur.home.ml.org/sjb.asc>http://Minotaur.home.ml.org/sjb.asc
> for my
> PGP Public Key.
> ======================================================================== 
> Out of the token ring, through the router, to the t1, down the fiber, over the
> cable, through a
>                  repeater, off another router, past the firewall...Nothing but
> net!  
> 

Wyman Miles
Systems Administrator, Systems and LAN Management, Rice University, Texas.
(713) 737-5827, e-mail:wymanm@rice.edu, pager:wymanm@pager.rice.edu
SalMoN AntiSpam software for UNIX: http://is.rice.edu/~wymanm/smn

Follow-Ups:
- Re: [apache-ssl] Certificate question
  - From: Marc Slemko <marcs@znep.com>

References:
- Certificate question
  - From: Steven Bolbot <sjb@tne.net.au>

Prev by Date: Re: [apache-ssl] Maximum key pair size
Next by Date: Certificate access in CGI-Script
Prev by thread: Re: [apache-ssl] Certificate question
Next by thread: Re: [apache-ssl] Certificate question
Index(es):
- Date
- Thread