IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

SSL Certificate - Subject Common Name Does Not Match Server FQDN ISAM Policy server

  • 1.  SSL Certificate - Subject Common Name Does Not Match Server FQDN ISAM Policy server

    Posted Sun July 11, 2021 04:14 AM

    Hello,

    In our Policy server we got an issue stating SSL Certificate Subject Common Name Does Not Matching with Server FQDN. But we have replaced with CA certs and adjusted Subject DN with same value. But in our scan report its still saying DN is matching.

    Can I know how can I mitigate this.

    Thanks.



    #Support
    #SupportMigration
    #Verify


  • 2.  RE: SSL Certificate - Subject Common Name Does Not Match Server FQDN ISAM Policy server

    Posted Wed July 14, 2021 04:32 PM

    Hello Venugopal,

    This will depend on the port in question.

    If the port is '443' which would be the LMI address then you can confirm with your browser or with 'openssl s_client -connect' that the certificate value matches your LMI FQDN.

    There is also the following technote on how to replace the LMI certificate:

    https://www.ibm.com/support/pages/replace-self-signed-certificate-ca-signed-certificate-isam-lmi

    If the port in question is port '7135' then that is the Policy Server's port. This is not a web server port and is used only for ISAM Administration traffic. It is not possible to change the certificate used on this endpoint.

    If the above do not help resolve this issue please either open a support case for further information or reply to my answer here.



    #Support
    #SupportMigration
    #Verify