Should I care that the "server certificate does NOT include an ID which matches the server name"?
In general the warning "server certificate does NOT include an ID which matches the server name" is a warning (not a fatal error) addressed at the system administrator that they most likely made a configuration error indicating that the wrong TLS server certificate has been set, or at least that Apache httpd can't match the ServerName to the common name or any of subjectAlternateName in the certificate.
In your case simply switching the ServerName and ServerAlias directives will get rid of the startup error.
<VirtualHost 1.2.3.4:443>
ServerName www.example.com
ServerAlias example.com
But you might want to get an actual certificate for example.com if it is not included as an Subject Alternate Name entry on the www.example.com certificate.
Related videos on Youtube
Comments
-
Quasdunk over 1 year
I have the following config:
<VirtualHost 1.2.3.4:443> ServerName mydomain.com ServerAlias www.mydomain.com ... </VirtualHost>
I want
www.mydomain.com
to be the primary domain, but I also want the user to be able to just typemydomain.com
and then I redirect them towww
. So the the Certificate Name iswww.mydomain.com
. But with that I keep getting this warning when starting apache:AH01909: mydomain.com:443:0 server certificate does NOT include an ID which matches the server name
Everything is working fine though and I also get an A-rating on ssllabs.com. But still this warning bugs me and I'm wondering if I'm maybe missing something here?
Obviously the certificate's CN does not match the Server Name, but it still matches an Alias.
Is this "bad practice" or is there another way to handle this that does not produce this warning? Should I even care about it? In the end it's just a warning that something might be wrong, but it's not. Or could this cause issues on the client side?
So far everything worked fine for me and the users didn't complain, so I guess everything is working correctly.
-
Quasdunk over 7 yearsThanks, that's what I went with. But I'm still curious: Is this warning actually something to worry about because it could cause issues on the client side?
-
HBruijn over 7 yearsIt is a warning that the VirtualHost does not match the SSL certificate which is quite likely a human error made by the sysadmin. It is just a warning though, not a fatal error.
-
Chaminda Bandara almost 5 yearsBut, I am getting
ERR_SSL_PROTOCOL_ERROR
at the browser. Server is running and the service also working at 443.