I just launched a new website and installed a certificate on it and I started getting the following error messages in the ssl_erro_log:
[Fri Jun 21 15:24:53 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Jun 21 15:24:53 2013] [warn] RSA server certificate CommonName (CN) `MYSERVER' does NOT match server name!?
Now my website specific config for SSL looks like this:
<VirtualHost 10.65.61.12:443>
ServerName www.mywebsite.com
ServerAlias mywebsite.com www.mywebsite.co.uk mywebsite.co.uk
DocumentRoot /data1/www/sites/www.mywebsite.com/public
ErrorLog /data1/log/httpd/www.mywebsite.com/error.log
CustomLog /data1/log/httpd/www.mywebsite.com/access.log combined
<Directory /data1/www/sites/www.mywebsite.com/public>
AllowOverride All
Options -Indexes
</Directory>
##SSLEngine On
SSLCertificateFile /data1/www/ssl/www.mywebsite.com/www.mywebsite.com.crt
SSLCertificateKeyFile /data1/www/ssl/www.mywebsite.com/www.mywebsite.com.key
</VirtualHost>
The server that I'm using is:
CentOS 6 (64 Bit)
Apache/2.2.15 (Unix)
Does anyone know how to resolve this issue?
Thanks
Best Answer
It appears to me that the CN for the certificate is MYSERVER while the FQDN of the web site is www.mywebsite.com, which doesn't match the CN of the certificate, which is why you get the error message. You need the CN of the certificate to match the FQDN of the web site.