4 posts in this topic

I'm studying for the Security+ certification and don't really understand an answer to the question (see below). I've tried searching online and can't seem to find a clear answer on what a certificate CN is and what an A record is...can somebody please explain?...

Which of the following is true when Sara, a user, browsing to an HTTPS site receives the

message: 'Site name mismatch'?

A. The certificate CN is different from the site DNS A record.

B. The CA DNS name is different from the root certificate CN.

C. The certificate was issued by the intermediate CA and not by the root CA.

D. The certificate file name is different from the certificate CN.

Answer: A

Share this post

Link to post
Share on other sites

I'm taking my Security+ course in college right now so maybe I can help.

What answer A is basically telling you is that the Certificate Name (the web site name the certificate was issued to) does not match the host record (the web site name that Sara is visiting) on the DNS server.

Example: Sara types https://www.bobs-web-site.org into her browser and when she gets there her browser finds an SSL certificate issued to stans-web-site.net.

Does this help?

Share this post

Link to post
Share on other sites

I don't like the wording of the answer --- the dns record might not even come into play, What if the user is using a host file? Or what if user is accessing site via netbios name on a local lan?

Better wording might of been CN does not match url used to access site. Maybe the user accessed site via http:\\ipaddress

A dns A record is an IP for a host name in a specific zone - so again wording is not correct for what they are wanting you to understand.

What if going to www.domainx.com which is a cname that points to www.domainb.com, etc. No A record for the FQDN (fully qualified domain name) the user used to access the site. There would be an A record for www.domainb.com, but no A record for where you went.

CN stands for common name, which is a field on the cert when generated.

if you get a mismatch error, all its telling you use the URL in your browser does not match the common name on the cert. Saying it does not match the A record is not really accurate since they don't even say how the user accessed the site. Could of been via IP or netbios name, etc.

Not sure what material your using - but seems from your multiple questions in the past, its not a very good resource.

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.