Friday, 25 April 2014

RSA server certificate CommonName (CN) '' does NOT match server name


I was getting this error on restarting of my Apache,

"I receive the Error: "RSA server certificate CommonName (CN) '' does NOT match server name"?"

And there was on website which was able to tell me that is something wrong, which is

In my case, I had missed an entry of "ServerName" directive in Apache virtual host configuration.

<VirtualHost _default_:443>

SSLEngine on
SSLCertificateFile /root/ssl/domain.crt
SSLCertificateKeyFile /root/ssl/server.key
SSLCertificateChainFile /root/ssl/bundle.crt


So after entering the ServerName, apache error.log file stopped showing the error message. And the website sslshopper also, started getting the certificate of diagnosis, which made me believe, that issue is resolved.

In general, you should also check
1. DNS entry (host name and IP is correct)
2. /etc/hosts file
3. while creating CSR file, did you miss the common name by any chance, In this case create a new CSR and Re-key the certificate and deploy new certificates.
4. Check in Apache or Nginx, ServerName must match, certificates are issued for a fix domain.