SSL: certificate subject name 'server.example.com' does not match target host name 'server'
Environment
- SSL/TLS client
Issue
- I have checked DNS and the SSL cert and they all have the fully qualified domain name so I am not sure why it thinks that is the target host name.
Resolution
Make sure the client access the server by using the subject specified in the server certificate. Normally the server certificates subject(CN) includes the Fully Qualified Name of the server, so the client should access the server using the same. The connection would fail if the client try to use short name or IP address of the server.
# certutil -L -d . -n "directory-Server-Cert"
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1001 (0x3e9)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=GSS PNQ CA,O=GSS,L=Pune,ST=Maharashtra,C=IN"
Validity:
Not Before: Fri Apr 05 19:00:53 2013
Not After : Wed Apr 05 19:00:53 2073
Subject: "CN=ldap.example.com"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
d9:b1:a6:ab:1f:56:7e:1c:53:04:78:4e:77:36:51:5f:
79:3d:e8:6a:b6:5b:9e:f4:29:8f:59:6f:b8:1d:3e:57:
31:15:ef:03:f6:7c:9a:4a:47:9b:9a:2d:f6:46:82:6c:
e7:1c:a9:0f:07:6c:03:40:03:03:64:7b:0b:60:9b:9d:
7d:f3:50:b9:b7:03:f5:7c:7f:e9:99:2d:45:6a:59:98:
ec:ad:23:2d:e4:27:c6:35:10:7a:98:1b:c9:59:53:a9:
d1:a6:4e:21:3b:fc:84:bb:a0:27:bc:67:ad:e3:25:d2:
06:04:44:b3:cd:fa:5b:81:37:ae:46:04:57:e6:35:89
Exponent: 65537 (0x10001)
Diagnostic Steps
- Use openssl command to get details of the certificate.
# openssl x509 -in <pem format certificate file> -noout -text
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.