
Certificate detection finds "wrong" certificate.

Question asked by letharion on Jul 30, 2012
Latest reply on Jul 30, 2012 by letharion

After reading "Living with HTTPS"[1] I decided to switch my private site over to HTTPS only. I got a free certificate from StartCom[2], installed it, tweaked my vhost a bit, restarted Apache, and all seemed well at first.

 

Visiting the site normally, all attempts at reaching the site redirect to the https-version, and both Firefox and Chromium happily agree that the connection is secure. (Although Konqueror seems to refuse StartCom as trustworthy). When I check the

 

However, when I go to SSL Labs to test the domain, then I immediately get

"Common names localhost   MISMATCH"

 

localhost? OK, after some digging, my Apache setup has a default, self-signed certificate with the common name "localhost". However, I can't seem to figure out how SSL Labs "finds" it. No attempt from me connecting with a regular browser can produce this problem, which makes it very hard for me to diagnose and do something about it.

 

I read "Two common names results in mismatch?"[3]. I thought that my certificate had both CN=www.example.com and CN=example.com, but on closer inspection it seems like I only have CN=www.example.com, so I changed my vhost setup from responding to example.com, to www.example.com.

 

However, this doesn't help with SSL Labs, although Firefox and Chromium happily accept the update.

 

[1]: http://www.imperialviolet.org/2012/07/19/hope9talk.html

[2]: https://www.startcom.org/

[3]: https://community.qualys.com/message/14488#14488
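
One way to check whether a server hands out different certificates to different clients, as an added example that is not part of the original post: it assumes the difference comes from the TLS Server Name Indication (SNI) extension, since a name-based virtual host setup can only answer with its default certificate when the client sends no name. The port, paths and function names are constructed, and a throwaway `openssl s_server` stands in for Apache.

```shell
#!/bin/sh
# Added example (constructed): PORT, paths and function names are assumptions.
# Needs OpenSSL 1.1.1 or later for s_client -noservername.
PORT=44330                 # arbitrary local port
SITE=www.example.com       # placeholder name used in the post

make_cert() {              # $1 = common name, $2 = output file prefix
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$2.key" -out "$2.crt" 2>/dev/null
}

# Print the subject of the certificate a server presents.
# $1 = host:port, $2 = SNI name to send (empty = send no SNI extension).
cert_subject() {
  if [ -n "$2" ]; then sni="-servername $2"; else sni="-noservername"; fi
  openssl s_client -connect "$1" $sni </dev/null 2>/dev/null |
    openssl x509 -noout -subject
}

# Throwaway TLS server standing in for a name-based vhost setup: a default
# certificate (CN=localhost) and one chosen only when the client names $SITE.
start_server() {
  WORK=$(mktemp -d)
  make_cert localhost "$WORK/default"
  make_cert "$SITE" "$WORK/site"
  openssl s_server -accept "$PORT" -www \
    -cert "$WORK/default.crt" -key "$WORK/default.key" \
    -servername "$SITE" -cert2 "$WORK/site.crt" -key2 "$WORK/site.key" \
    >/dev/null 2>&1 &
  SERVER_PID=$!
  sleep 1                  # give the listener time to bind
}

stop_server() {
  kill "$SERVER_PID" 2>/dev/null || true
  wait "$SERVER_PID" 2>/dev/null || true
  rm -rf "$WORK"
}

demo() {
  start_server
  echo "with SNI:    $(cert_subject "127.0.0.1:$PORT" "$SITE")"
  echo "without SNI: $(cert_subject "127.0.0.1:$PORT" "")"
  stop_server
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` for the local reproduction; calling `cert_subject` with a real `host:443` and an empty second argument shows what a client without SNI receives from that server.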
