Quick tip: Fixing common name / server name warning messages

Published 2012-11-01

When you configure Apache httpd to server SSL you'll most likely define a VirtualHost, give it a ServerName, possibly a ServerAlias and various other settings. If you did everything correctly, the site will come up with the familiar green/gold/blue https markers, instead of a big red warning page. If you got to this point but you are still seeing the following error message in your logs, most likely, you have flipped your ServerName and the certificate's alternative name.

[warn] RSA server certificate CommonName (CN) `example.com' does NOT match server name!?

At least this turned out to be the mistake I made when configuring one server with a certificate which had example.com as the common name and www.example.com as the alternative name. You can find what your certificate delivers (in Chrome) under "Certificate Fields", "Extensions", "Certificate Subject Alternative Name". Your VirtualHost has to match the certificate's preference to not throw the warning. So simply change the former to the latter, even if you are primarily (or only) serving from www.example.com.

Logs an error in my case:

ServerName www.example.com
ServerAlias example.com

Does not log an error:

ServerName example.com
ServerAlias www.example.com

Tags: apache, httpd, ssl, https, Linux