Subject CN in certificate not server name or identical to CA - Error
For integrating a payment gateway with the web server, we were using
certificate based authentication. The gateway sends certificate to the
web server for authentication during which we are observing the
following error in Apache ssl logs (enabled to debug mode)
[Mon Jul 21 12:35:14 2008] [info] [client 220.127.116.11] SSL library
error 1 in handshake (server [url]www.mysite.com:5403[/url])
[Mon Jul 21 12:35:14 2008] [info] SSL Library Error: 336151570 error:
14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
Subject CN in certificate not server name or identical to CA!?
The web server generated a certificate request with CN set to [url]www.mysite.com[/url]
and the same has been signed by an external CA. The signed certificate
is being used as the value for SSLCertificateFile in the Apache SSL
In the ssl.conf (Apache) the ServerName is set to [url]www.mysite.com[/url] which
is the public name for the site. This name has been added to /etc/
hosts with IP address mapping(18.104.22.168)
The hostname where Apache is running is webserv.gov.in and resolves to
a different IP address.
We are using httpd 2.2 on a CentOS platform. We are almost pulling our
hair from last week. The payment gateway people say other clients who
are using IIS 5.0 aren't facing any issues and only we people(Apache)
are having this issue.
Any pointers/response on this would be of really great help.
Thanks & Regards,