Dealing With Certificate Warnings
Novell Cool Solutions: Tip
Posted: 19 Jul 2002
From: Sylvain G.
I was getting annoyed that every time I opened up a server portal (for the first time) in a session, I would be greeted with a "host name is not the same as in the certificate" warning message. I never managed to deal with it (just managed to get annoyed).
The other day, I entered the server's IP address instead of its host name and to my dismay, I didn't get the infamous warning, then suddenly, I saw the light :-) The portal is using the 'SSL CertificateIP' certificate. I changed it to 'SSL CertificateDNS' and voila, no more warning when using the host name! So, although so evident, I never realized until then that 'SSL CertificateIP' was an SSL certificate based on the IP address while 'SSL CertificateDNS' was an SSL certificate based on the DNS host name. Like I said, I saw the light :-)
From: Rob R.
You know you can also create a server certificate and assign it to the server application (Portal, web server, BMEE, etc.) and by using the custom setup you can edit the certificate's CN, which is different from its NDS CN. With the eDir 8.6.2 version of NICI you can even give it multiple CN names, e-mail, and IP addresses. You can even create and use a server certificate from a 3rd party CA like Verisign.
We had the same issue (warning that the cert name didn't match the server name), despite using SSL CertificateDNS, and verifying certificate health with PKIDIAG.
There is a command line parameter you can add when you load httpstk that will make it use the DNS name instead of the IP address, which will resolve the issue. Use:
load httpstk.nlm /SSL /keyfile:"SSL CertificateDNS" /hostids:1
hostids:1 will force it to use host names in the URL; hostids:0 would force it not to.
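Added example (not part of the original tips and not Novell code): a small Python check of which URL host forms an IP-based, a DNS-based, and a multi-name certificate cover, which is the mismatch behind the warning discussed above. The certificate dicts are constructed samples shaped like the output of Python's ssl getpeercert(); the host name, the address, and the CN fallback for certificates without subjectAltName are assumptions for illustration.

```python
import ipaddress

def is_ip(value):
    """True if value parses as an IPv4/IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    """Case-insensitive compare; '*' may stand for the whole left-most label only."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_names(cert):
    """Return (dns_names, ip_names) from a dict shaped like ssl getpeercert() output."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value)
        elif kind == "IP Address":
            ips.append(value)
    if not dns and not ips:
        # Assumption: with no subjectAltName, fall back to the CN, as older clients did.
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    (ips if is_ip(value) else dns).append(value)
    return dns, ips

def url_host_matches(cert, host):
    """Does any name in the certificate cover the host typed in the URL?"""
    dns, ips = cert_names(cert)
    if is_ip(host):
        # IP literals are compared as addresses, never as DNS names.
        return any(ipaddress.ip_address(i) == ipaddress.ip_address(host) for i in ips if is_ip(i))
    return any(dns_match(d, host) for d in dns)

# Constructed sample certificates (names and address are placeholders).
IP_CERT = {"subject": ((("commonName", "192.0.2.10"),),)}
DNS_CERT = {"subject": ((("commonName", "portal.example.com"),),)}
MULTI_CERT = {"subject": ((("commonName", "portal.example.com"),),),
              "subjectAltName": (("DNS", "portal.example.com"), ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for label, cert in (("IP", IP_CERT), ("DNS", DNS_CERT), ("multi", MULTI_CERT)):
        for host in ("portal.example.com", "192.0.2.10"):
            print(f"{label:5} cert, URL host {host:20} ->",
                  "ok" if url_host_matches(cert, host) else "name-mismatch warning")
```

Only the multi-name certificate passes for both URL forms; the IP-only and DNS-only certificates each fail for the other form.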
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com