The Web Client (Vantage Storage Point) URL is showing the error NET::ERR_CERT_COMMON_NAME_INVALID
search cancel

The Web Client (Vantage Storage Point) URL is showing the error NET::ERR_CERT_COMMON_NAME_INVALID

book

Article ID: 276030

calendar_today

Updated On:

Products

Vantage Storage Resource Manager

Issue/Introduction

With the IP address specified in the url, for example, using this link:

https://xx.yyy.zz.mm:nnnn/VantageGMI/

...received the error:

Your connection is not private

Attackers might be trying to steal your information from xx.yyy.zz.mm (for example, passwords, messages or credit cards). Learn more

 NET::ERR_CERT_COMMON_NAME_INVALID

Cause

Customer might be using a hostname SSL certificate, instead of an IP SSL certificate, which is fine. Both IP address and host name are a valid Common Name in the SSL certificate. In both the cases, the SSL certificate is for the internal networks or intranets.

Resolution

In the Vantage Installation Report, the IP address reference is present because that is the only thing Vantage Installation is able to figure out on that level. This hostname/IP SSL certificate is resolved one level up so the customers need to figure out by themselves. Also, in OMVS the following command gives the DNS hostname and corresponding IP address:


$host `hostname`

Usually the organization uses one type of certificate - either IP or hostname - not both of them together, so in this instance customer needs to use the DNS address:  https://xyz.server.net:nnnn/VantageGMI/  nstead of https://xx.yyy.zz.mm:nnnn/VantageGMI/  and it is fine - all is correctly set up.

IP SSL certificates are even less commonly used than hostname SSL certificates, because they are less flexible. If the customer has an IP SSL certificate and wants to move the customer's website to a different server with a different IP address, then the customer would need to obtain a new certificate;  however, if the customer has a hostname SSL certificate, then the customer can simply update their DNS records to point to the new IP address, and their certificate will still be valid.

In general, it is recommended to use the hostname SSL certificates over the IP SSL certificates whenever possible, as they provide more flexibility and are easier to manage.