[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-users
Subject:    Re: [users@httpd] Certificate Bug
From:       "Dan Mahoney, System Admin" <danm () prime ! gushi ! org>
Date:       2013-12-27 22:01:24
Message-ID: alpine.BSF.2.00.1312271355230.44321 () prime ! gushi ! org
[Download RAW message or body]

On Wed, 18 Dec 2013, Dan Mahoney, System Admin wrote:

> All,
>
> We're in the process of spinning off our support department from one domain 
> to another.  This seemed simple enough, but the SSL is challenging.
>
> I'd like to ask about a weird certificate bug that I've encountered.  The 
> issue is pretty basic -- I have an SSL cert with support.newdomain.com 
> configured, and support.originaldomain.com configured as the 
> CertificateAltName.

As expected, zero responses on this thread, either public or private.

I'm mainly posting this back to the list for anyone else who may stumble 
upon this issue and wonder what we did to solve it.

The answer is "live with the broken behavior".  Live with the behavior 
that the ServerName is most certainly NOT what's in the CommonName of my 
certificate, and if I set it to be, apache complains that my cert is a CA 
cert and refuses to start.

It's certainly a bug.

The error messages most certainly are wrong and misleading, but may come 
from openSSL rather than apache itself.  If I should be posting this stuff 
to a different mailing list, please let me know.  I realize my question is 
far beyond the commonly-asked ones.

-Dan

-- 

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[prev in list] [next in list] [prev in thread] [next in thread]