Forum Discussion
SSL Certificate with Wrong Hostname
SSL Certificate with Wrong Hostname The SSL certificate for this service is for a different host. The commonName (CN) of the SSL certificate presented on this service is for a different machine. Purchase or generate a proper certificate for this service
solution provided on other sites : "Purchase or generate a proper certificate for this service."
What is the proper solution to go away for this vulnerability from linux machines and how to implement the solution ?
- Simon_BlakelyEmployee
> solution provided on other sites : "Purchase or generate a proper certificate for this service."
This is the correct answer - you need to update your certificate with the appropriate CN name or Subject Alternative Name (SAN).
When someone connects to your website over SSL/TLS, you send them a certificate.
They compare the domain name they were connecting to (www.yoursite.com) to the CN and SAN of the presented certificate. If there is no match, their browser shows the warning.
With an LTM and a vs with a client-ssl profile and server-ssl profile, you can present the correct certificate from the virtual server, and you do not need to ensure that all the pool members have the correct certificate.
But you do need to have the matching certificate on your virtual server.
You will need to create a new Certificate Signing Request (CSR) for your Certificate Authority, and update the certificate.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com