6

We're getting the occasional error:

[warn] RSA server certificate wildcard CommonName (CN) `*.example.com' does NOT match server name!?

(This is not a duplicate of Apache Config: RSA server certificate CommonName (CN) ... NOT match server name? read on)

This is non-fatal and is only happening occasionally.

The error is accurate... our cert's CN is doesn't match the VirtualHost. That's how it's supposed to work. We match a Subject Alternative Name.

Any idea what might cause this?

Community
  • 1
mgjk
  • 874
  • 3
  • 9
  • 20
  • 1
    As you said, the error is accurate. It's just a warning. – EEAA May 23 '12 at 21:33
  • 3
    It's a bit strange to have it warn me that my config is correct. It'd be nice to know the cause so that I could suppress the warning. – mgjk Jun 06 '12 at 14:00

1 Answers1

4

It's likely that this is caused by the ServerName being set to something other than *.example.com, you could test this by setting the following:

ServerName *.example.com
ServerAlias example.com
Joel Coel
  • 12,932
  • 14
  • 62
  • 100
Chris
  • 141
  • 2
  • 1
    According the the [docs on ServerName](http://httpd.apache.org/docs/2.2/mod/core.html#servername) it has to be an fqdn. It looks like [ServerAlias](http://httpd.apache.org/docs/2.2/mod/core.html#serveralias) can have wildcard addresses though. – ZombieDev Jan 27 '15 at 16:13