> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten > Sent: Tuesday, March 15, 2005 11:33 PM > To: openssl-users@openssl.org > Subject: Re: Field CN and the certificates > > Back to your original problem -- You said you were accessing > the web server by using IE, was that client machine in the > same private network (as the server)? > > Have you tested accessing the web server from another client machine? > > Maybe you should start looking from the client-end.
Yes, I did this on 1 XP/IE on the same local network, 1 XP/IE from outside, 1 W2k/IE from outside, one Solaris 10 x86/Netscape on VPN network. All the IEs show the same error. Netscape on Solaris even shows "You have attempted to establish a connection with "abc.mydomain.com". However the security certificate presented belongs to "abc.mydomain.com" .... The thing makes me confused is the two host names that the warning displays are the same. Vu > > Vu Pham wrote: > >>-----Original Message----- > >>From: [EMAIL PROTECTED] > >>[mailto:[EMAIL PROTECTED] On Behalf Of Richard Sexton > >>Sent: Tuesday, March 15, 2005 8:45 PM > >>To: openssl-users@openssl.org > >>Subject: RE: Field CN and the certificates > >> > >> > >>>>>I use openssl to build a self-signed certificate for my web > >>>> > >>>>server. I imported the CA cert to my PC already. > >>>> > >>>>>When I open the web server, IE says the certificate is from a > >>>>>trusted CA as expected, the security certificate is > valid, but it > >>>>>says the name is invalid. > >>>> > >>>>You mean like this: https://paypal.com ? > >>> > >>>Yes, I access to https://abc.mydomain.com and CN=abc.mydomain.com > >>> > >>>More details : this server hosts two different name > abc.mydomain.com > >>>and def.mydomain.com, each with different ip ) for https access. > >>> > >>>I use <VirtualHost ip-of-abc.mydomain.com:443> and > >>>VirtualHost<ip-of-def.mydomain.com:443> and these virtual > hosts work > >>>because IE points to the correct DocumentRoot for each name. > >> > >>What is the reverse-dns for the IP address pointed to by > abc (and def) > >>mydomain.com ? > > > > > > Yes, A and PTR records are set correctly for both domains. I just > > double checked by nslookup. > > > > > > > >>I've seen Apache take an IP address pointed to by more than > one domain > >>look up the reverse and use whatever that is. For example > is you made > >>a cert for abc, yet def points to the same IP and the > reverse says def > >>then def is what it will use; this will not match abc and > you'll get > >>this error. > > > > > > I see your point. My server is "virtual hosts" by ip > addresses. I mean > > it has two names with two separate ip addresses. I can test > again by > > setting it to have only one ip and one host name . I will > post back the result. > > > > Thanks, > > > > Vu > > > > > ______________________________________________________________________ > > OpenSSL Project > http://www.openssl.org > > User Support Mailing List > openssl-users@openssl.org > > Automated List Manager > [EMAIL PROTECTED] > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
