Fri 17 Jan 2025 4:25PM
SSL certificate
I have an SSL certificate bought from a vendor for my domain. When I install this certificate on a server which is not running on the domain mentioned in the certificate, and I do openssl s_client to that server, it shows verify as OK and the handshake is a success. Now my question is, how is that certificate working, if it was created for a specific domain, when in this case the server on which it is installed does not serve under that domain name?
Tomas Mraz Fri 17 Jan 2025 4:54PM
Please also note that this is not a support forum. If you want to ask a public support question, please open a new Q&A Discussion topic by following this link. https://github.com/openssl/openssl/discussions/new?category=q-a
This of course assumes you have a Github account.
Viktor Dukhovni · Fri 17 Jan 2025 4:34PM
Don't confuse trust path verification with hostname verification. Unless you tell `s_client` to verify a specific domain name in the certificate, the verification status will reflect just the authenticity of the certificate, with no specific check of the domain name.
The `-verify_hostname <some-hostname>` option of `s_client` will also check the hostname. If you also use `-verify_return_error` it will abort the connection when verification fails.
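Added example, not code from this thread or from the OpenSSL project: a shell script that reproduces the distinction Viktor draws without a network, using a throwaway CA built with openssl(1) and `openssl verify`, which accepts the same `-verify_hostname` option as `s_client`. Every name in it (Example Test CA, www.example.test, other.example.test) is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a throwaway CA plus a server
# certificate for the constructed name www.example.test, then runs the two
# checks Viktor distinguishes: trust path only, and trust path plus hostname.
# Names (Example Test CA, www.example.test, other.example.test) are made up.

# Write the minimal openssl config both certificates use. Controlling the
# extensions explicitly keeps the demo independent of the system openssl.cnf.
write_config() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ ca_ext ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[ srv_ext ]
subjectAltName = DNS:www.example.test
EOF
}

# Create ca.pem / srv.pem under directory $1. The server cert names only
# www.example.test, in the SAN, which is what the hostname check matches on.
make_demo_pki() {
    dir=$1
    write_config "$dir/demo.cnf"
    openssl req -x509 -config "$dir/demo.cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -new -config "$dir/demo.cnf" \
        -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    openssl x509 -req -days 1 -in "$dir/srv.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/demo.cnf" -extensions srv_ext \
        -out "$dir/srv.pem" 2>/dev/null
}

# Trust-path verification only: the same check behind s_client's
# "Verify return code: 0 (ok)" when no -verify_hostname is given.
# Exit status 0 means the chain to the CA is valid; the hostname is not consulted.
verify_chain_only() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Trust path plus hostname, the equivalent of s_client -verify_hostname $3.
# Exit status 0 only if the chain is valid AND $3 matches a name in the cert.
verify_with_hostname() {
    openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1
}

run_demo() {
    work=$(mktemp -d)
    make_demo_pki "$work"
    cert=$work/srv.pem
    ca=$work/ca.pem
    verify_chain_only "$cert" "$ca" \
        && echo "chain only:                  OK (hostname never checked)"
    verify_with_hostname "$cert" "$ca" www.example.test \
        && echo "hostname www.example.test:   OK"
    verify_with_hostname "$cert" "$ca" other.example.test \
        || echo "hostname other.example.test: REJECTED (Hostname mismatch)"
    rm -rf "$work"
}

run_demo
```

The first line of output is the situation in the question: a certificate that chains to a trusted CA verifies "OK" whether or not its names have anything to do with the host it is served from. Only the third check, with a hostname supplied, rejects it, which is what `s_client -verify_hostname` adds on top of plain trust-path verification.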