A SSL Certificate Hostname Discrepancy

Web Server Misconfiguration: SSL Certificate Hostname Discrepancy

Probable Cause and Possible Resolutions:

This vulnerability can be caused by any of the following scenarios:
  • The host is scanned by its IP address instead of its Fully Qualified Domain Name (FQDN)
  • The FQDN does not match the certificate CN (Common Name) or SAN

    Note:

    It is recommended to use the hostname instead of the IP address in the CN for vendor-provided certificates.

The following are some of the ways to connect (scan) using the hostname instead of the IP address:

  1. Add a mapping of the IP address and hostname in the hosts file (/etc/hosts).

    Open the /etc/hosts file and add a line at the end:

    <IP address> <hostname>

    Example: 10.75.124.247 epap1234

    where, 10.75.124.247 is the IP address and epap1234 is the hostname.

  2. Add a hostname mapped to the device MAC address in the connected router's DHCP settings. The customer's network administration should perform this step.
  3. Add the IP address and hostname mapping entry in the local DNS server. The customer's network administration should perform this step.
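
The name check behind this finding, as an added example that is not part of the original document or the vendor's code: it shows why a scan by IP address is flagged while a scan by hostname passes. The certificate is constructed sample data in the layout of Python's ssl.SSLSocket.getpeercert(), and the function names are hypothetical.

```python
import ipaddress

# Constructed certificate, in the dict layout of ssl.SSLSocket.getpeercert();
# the name and address reuse the example values from the hosts-file step.
SAMPLE_CERT = {
    "subject": ((("commonName", "epap1234"),),),
    "subjectAltName": (("DNS", "epap1234"),),
}

def cert_names(cert):
    """Return (dns_names, ip_addresses) that a client may match against."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value.strip()))
    if not dns and not ips:  # legacy fallback: CN counts only when no SAN exists
        dns = [v.lower() for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return dns, ips

def dns_match(pattern, host):
    """Compare label by label; '*' is honoured only as the whole left-most label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return bool(h[0]) and p[1:] == h[1:]
    return p == h

def check_target(cert, target):
    """Return (ok, reason) for the name or address the scanner connected to."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None  # not an IP literal, treat it as a hostname
    if addr is not None:
        if addr in ips:
            return True, "address is listed as an IP SAN"
        return False, "connected by IP, certificate only names %s" % dns
    host = target.lower().rstrip(".")
    if any(dns_match(p, host) for p in dns):
        return True, "hostname matches CN/SAN"
    return False, "hostname is not among %s" % dns

if __name__ == "__main__":
    for t in ("10.75.124.247", "epap1234", "epap9999"):
        print(t, check_target(SAMPLE_CERT, t))
```

An IP address passes this check only when the certificate carries it as an IP-type SAN entry, which is why mapping the address to a hostname that the certificate already names clears the finding.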