RSA server certificate CommonName (CN) does NOT match server name warning in Proxy log for AM (All versions)
The purpose of this article is to provide assistance if you receive a RSA® server certificate CommonName (CN) does NOT match server name warning in the Proxy log for AM. This warning occurs when SSL is in use and AM is deployed on the Apache Tomcat™ web container.
Symptoms
The following warning is shown in the Proxy log:
[Thu Feb 26 12:34:58 2015] [warn] RSA server certificate CommonName (CN) `am.example.com' does NOT match server name!?Recent Changes
Enabled SSL.
Made changes to your proxy configuration or server certificate.
Causes
The ServerName value in your proxy configuration does not match the CommonName (CN) on the server certificate.
Solution
This issue can be resolved by making one of the following changes:
- Change the ServerName in your proxy configuration to match the CommonName on the server certificate. The CommonName is given in the warning message.
- Change the CommonName of the certificate key to match the ServerName in your proxy configuration.
Virtual Hosts
Typically when you configure an http server to use SSL, you define a VirtualHost, and assign it a ServerName and a ServerAlias; ensuring the vhost ServerName matches the CommonName in the certificate.
For example:
The CommonName in the certificate = www.am.example.com but the vhost’s ServerName is set to sso.example.com.
Change the vhost ServerName to match the certificate CommonName (www.am.example.com) and change the ServerAlias to sso.example.com:
<VirtualHost xx.yy.zz.aa:443> ServerName www.am.example.com ServerAlias sso.example.com </VirtualHost>See Also
N/A
Related Training
N/A
Related Issue Tracker IDs
N/A