DouglasWambo2
Joined: Dec 2, 2013
Messages: 74
Offline
Hi,
We recently installed a new cert on our AES and it's working fine internally. However, we are now getting a security scan error:
"The subject common name (CN) field in the X.509 certificate does not match the name of the entity presenting the certificate...."

The CN on the cert is "indlaesa01", which is the server name. The system is not in a domain.

Any ideas why this would be considered the wrong CN?

I know absolutely ZERO about certificates.

Thanks!
MartinFlynn
Joined: Nov 30, 2009
Messages: 1922
Online
When a client receives a certificate from a server, there are different levels of checking that it can do. One of these is to check that the IP address of the server matches the CN in the certificate. AFAIK, to do this, the client will either do a DNS lookup on the CN or a reverse-DNS on the IP address. If this fails or gives the 'wrong' answer, you will get an error.

In order to remove this error, I think the following are your possibilities, in increasing order of pain:

1. If possible, ignore it. After all, this is a certificate that you generated, in a lab environment.
2. If possible, remove the check.
3. Add indlaesa01 to the hosts file on the client. Hopefully, the client will use this and not bother with the DNS.
4. Add an entry for indlaesa01 in your DNS and make sure the client is using this DNS.
5. If all else fails, you may need to give your AE Services a FQDN (e.g. indlaesa01.local) and add that to the DNS. Then create a new certificate using the FQDN as CN.

Martin
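Added example, not part of either poster's message: a Python check of whether the name or address a client or scanner connected to is covered by a certificate's subjectAltName entries, falling back to the CN when no SAN is present. It assumes the certificate is given in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`; the two sample certificates and the address 192.0.2.10 are constructed, and the CN fallback is an assumption about how a legacy-style check behaves.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def presented_names(cert):
    """Return (dns_names, ip_names) the certificate is valid for."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [v for k, v in san if k == "IP Address"]
    if not dns and not ips:
        # No SAN at all: fall back to the subject CN (assumed legacy behaviour).
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    (ips if _is_ip(value) else dns).append(value.lower())
    return dns, ips

def _dns_match(pattern, host):
    if pattern.startswith("*."):
        # A wildcard covers exactly one left-most label.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def name_matches(cert, target):
    """True if target (the name or IP the client connected to) is covered."""
    dns, ips = presented_names(cert)
    if _is_ip(target):
        addr = ipaddress.ip_address(target)
        return any(ipaddress.ip_address(i) == addr for i in ips)
    host = target.lower().rstrip(".")
    return any(_dns_match(p, host) for p in dns)

# Constructed samples: the CN-only cert from the question, and a reissued one.
CN_ONLY = {"subject": ((("commonName", "indlaesa01"),),)}
WITH_SAN = {"subject": ((("commonName", "indlaesa01.local"),),),
            "subjectAltName": (("DNS", "indlaesa01"), ("DNS", "indlaesa01.local"),
                               ("IP Address", "192.0.2.10"))}

def report(cert, targets):
    return {t: name_matches(cert, t) for t in targets}

if __name__ == "__main__":
    targets = ["indlaesa01", "indlaesa01.local", "192.0.2.10"]
    for label, cert in (("CN only", CN_ONLY), ("with SAN", WITH_SAN)):
        print(label, report(cert, targets))
```

With the CN-only certificate, only a connection made to the short name `indlaesa01` passes; a connection made to the FQDN or to the IP address does not, while the certificate carrying SAN entries covers all three.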
DouglasWambo2
Joined: Dec 2, 2013
Messages: 74
Offline
Thanks Wilson,

I fear that this is going to lead to a larger problem in that none of our Avaya hardware is currently in a domain and all of them have gotten new certificates.

I appreciate the insight!

Thanks,

Doug