ERROR [warn] RSA server certificate CommonName (CN) `192.168.125.57' does NOT match server name!?
#####################################################

This warning is common. It can be a red flag, or it can be completely harmless.

Certificates work by giving trust to one site only. The name of the site goes in the certificate's CN field; there is only one CN field, and only one value can go in it. CN stands for common name. The CN can be an IP, a hostname, or a person's or corporation's name. For websites we obviously use an IP or a hostname.

EXAMPLE:

The best way to explain when this error comes up is by example:

Imagine the company www.xyz.com made a certificate for the common name www.xyz.com.
They apply their new trusted certificate to their devices and their webserver (remember, the CN for that cert is www.xyz.com).

When they access those devices/webserver via www.xyz.com, that error will not come up.

However, when they access them via the IP or another hostname (like the local hostname), there will be an error.

So let's say a customer accesses the webserver at www.xyz.com:443 or www.xyz.com:8443, or any other port, via HTTPS. There will be no red flag; that error will not happen.

If they look up the IP of www.xyz.com, find out it's 1.1.1.1, and then access the website via 1.1.1.1:443 or 1.1.1.1:8443, the red flag will come up; that error will happen.

It doesn't mean the certificate is not applied and not checked. It is applied and checked, and the traffic is still encrypted. It's just a warning stating “hey, I don't know this address, this certificate was for someone else.”
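The www.xyz.com scenario above as a small check. This is an added example, not code from the original post or from Apache; the certificate subject is a constructed sample in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample subject, in the shape returned by ssl.SSLSocket.getpeercert().
XYZ_CERT = {"subject": ((("organizationName", "XYZ Corp"),),
                        (("commonName", "www.xyz.com"),))}


def common_name(cert):
    """Return the first commonName in the certificate subject, or None."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def split_host(address):
    """Strip an optional :port from 'host:port' (hostnames and IPv4 only)."""
    host, sep, port = address.rpartition(":")
    return host if sep and port.isdigit() else address


def normalize(name):
    """Lower-case, drop a trailing dot, and canonicalize IP literals."""
    name = name.strip().rstrip(".").lower()
    try:
        return str(ipaddress.ip_address(name))
    except ValueError:
        return name


def check_access(cert, address):
    """Compare the address the client used against the certificate CN.

    Returns (matches, message). Simplification: only the CN is compared, as in
    the post; real TLS clients also consult subjectAltName entries.
    """
    cn = common_name(cert)
    host = split_host(address)
    if cn is not None and normalize(cn) == normalize(host):
        return True, f"{host}: matches CN"
    return False, f"CommonName (CN) `{cn}' does NOT match server name {host}"


if __name__ == "__main__":
    for addr in ("www.xyz.com:443", "www.xyz.com:8443", "1.1.1.1:443", "1.1.1.1:8443"):
        print(check_access(XYZ_CERT, addr))
```

The port never matters to the result; only the name or IP the client asked for is compared with the CN.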

ANALOGY:

The analogy is this: imagine Joe Shmo got a certificate for his full name, Jonathan Shmojackson, stating he is a legit doctor of medicine. Then he presents his certificate to Sally, who knows him only as Joe Shmo. She will immediately, subconsciously think… wait a minute, this isn't Jonathan Shmojackson. Am I sure I want to consult with doctor Joe Shmo? His name isn't Jonathan Shmojackson (when in reality it is his name).

A similar analogy that ends badly: imagine a thief steals Jonathan's certificate, but he can only identify himself as SOCIAL SECURITY NUMBER 123-456-789, which doesn't match Jonathan Shmojackson's name. Thus a RED FLAG, and this red flag should be listened to.

Is there a way to know if the cert is in the right hands? Not really, you just gotta rely on your instincts. Or… another method of checking authenticity.

 
