1

I recently purchased an SSL certificate.

I've got www.site.com.key, www.site.com.csr, intermedia.pem, www.site.com.crt all set up in my /etc/ssl/localcerts folder.

When I open my browser I get the following:

Connection information

The other problem I get is within /var/log/apache2/error.log :

[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

[warn] RSA server certificate CommonName (CN) `site.com' does NOT match server name!?

I think the problem is that I've submitted the .csr file with the common name being site.com instead of www.site.com. Therefore the common name does not match my server name, www.site.com.

Is there any way to get around this problem by manipulating the servername on the server? How can I do this? Or do I have to re-consider getting another SSL certificate with the right credentials?

Thanks in advance.

cwiggo

2 Answers

2

I would not change the server name, since that would mean that all your search engine results would need updating, and that will take time.

When purchasing server certificates, the standard way is to send the .csr with www. prefix. The certificate provider will then issue a certificate both with and without the prefix.

Tero Kilkanen
  • It is not always the case that CAs issue for both with and without www. Especially for the cheap offers, the opposite is true sometimes. – sebix Jul 17 '15 at 20:32
1

In your certificate request, you must add "Subject Alternate Names" (SAN). Your certificate CN will still be site.com, but the SAN will have the other names your website is reachable with, such as:

  • site.com
  • www.site.com
  • anything-other-as-long-as-it-works.example.com

You'll notice that I've added the CN in the list of CN and that host names need not be in the same domain.

ixe013
  • The SAN field in CSRs is often ignored if you don't pay for multi-domain certificates. Usually CAs only use the public key and CN from the CSR and ignore the rest. – sebix Jul 17 '15 at 20:33
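
The SAN request described in the answer above, as an added example that is not part of any post on this page: it builds a CSR listing both site.com and www.site.com and reads the requested names back before the CSR goes to the CA. The function names, output file names and key size are assumptions; the hostnames are the question's placeholders.

```shell
#!/bin/sh
# Added example: request a certificate for every name the site answers to,
# then confirm what the CSR actually asks for.

# make_csr CN SAN...  -> writes <CN>.key and <CN>.csr in the current directory
make_csr() {
    local cn="$1"; shift
    local cnf san="" n
    cnf="$(mktemp)" || return 1
    # Build "DNS:a,DNS:b,..." from the remaining arguments.
    for n in "$@"; do san="${san:+$san,}DNS:$n"; done
    cat > "$cnf" <<EOF
[req]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req
[dn]
CN = $cn
[v3_req]
subjectAltName = $san
EOF
    # -nodes leaves the key unencrypted so Apache can start unattended.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$cnf" -keyout "$cn.key" -out "$cn.csr" 2>/dev/null
    local rc=$?
    rm -f "$cnf"
    chmod 600 "$cn.key" 2>/dev/null
    return $rc
}

# csr_names FILE -> prints each requested SAN entry on its own line
csr_names() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n1 |
        tr ',' '\n' | sed 's/^ *//'
}

# Usage (constructed names from the question):
#   make_csr site.com site.com www.site.com && csr_names site.com.csr
```

Because the CA decides which of the requested names end up in the issued certificate, inspect the result as well with `openssl x509 -in www.site.com.crt -noout -text` and check its Subject Alternative Name section against the Apache ServerName.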