From Aktivix
Jump to: navigation, search

This site uses a cert from CAcert for https and the CSR for this was generated using the bash script at the end of the CAcert Vhosts page:

FQDN/CommonName (ie. :
Type SubjectAltNames for the certificate, one per line. Enter a blank line to finish

This means that one can accesses this site from alternate addresses, eg:

And they both all the same IP address and if you have the CAcert root cert installed you will get no https warnings. 3 of these domains just do a redirect to but they still illustrate the point...

Domain Name Mismatch error

If you have UseCanonicalName Off and a VirtualHost with ServerAlias' or if you don't repeat the CommonName as a SubjectAltName then you get this error message in Mozilla / Firefox:


And this error in IE:


Repeating the CommonName as a SubjectAltName

Note that the cert this site uses has as the CommonName and as a SubjectAltName because without it being repeated you get the error message above.


Apache has UseCanonicalName On by default and when it is on you can use one VirtualHost with multiple ServerAlias' with all these ServerAlias' and the ServerName in the cert.

If however you have UseCanonicalName Off the you can't use any ServerAlias' and you have to have one VirtualHost per ServerName and then set all the VirtualHost's to use the same cert.

See the Apache docs for more info.