How to fix the invalid name in the ssl certificate

Question

I generated ssl certificate with:

openssl genrsa -out key.pem 2048
openssl req -new -sha256 -key key.pem -out csr.csr
openssl req -x509 -sha256 -days 12775 -key key.pem -in csr.csr -out certificate.pem

but after checking my openssl server with ssllab I got the following invalid message:

How to fix this issue?

It looks like you are missing a basic understanding what the subject of a certificate should be and how to set it. See [Generating a self-signed cert with openssl that works in Chrome 58](https://serverfault.com/questions/845766/generating-a-self-signed-cert-with-openssl-that-works-in-chrome-58) for an example on how to proceed. — Steffen Ullrich, Dec 05 '17 at 20:33

score 0 · Answer 1 · answered Dec 05 '17 at 20:33

0

You need to use the fqnd (in the subject, which fully fits the hostname, in your case the external hostname as the tool you are using is targeting the external hostname) otherwise the certificate would be invalid.

And there is no real way to fix a certificate the correct way would be to revoke the wrong one and create a new one.

answered Dec 05 '17 at 20:33

BastianW

2,868
4
20
34

Subject? Do you mean subject alternative name – Jacob Evans Dec 05 '17 at 21:50
See https://stackoverflow.com/questions/650017/what-does-subject-mean-in-certificate – BastianW Dec 05 '17 at 22:19
https://tools.ietf.org/html/rfc2818 – Jacob Evans Dec 05 '17 at 22:22

How to fix the invalid name in the ssl certificate

1 Answers1