httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ferradal <dferra...@apache.org>
Subject Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7
Date Mon, 06 Jan 2020 08:20:14 GMT
Not sure about 2.4.6, but httpd IIRC recognizes wildcard certificates
perfectly, in any case, you could try adding "ServerAlias
*.amnetgroup.com" to the virtualhost config. The old certificate was a
wildcard too?

El lun., 6 ene. 2020 a las 9:02, Sac Isilia
(<udaypratap.singh65@gmail.com>) escribió:
>
> Hi Daniel,
>
> The CN is *.amnetgroup.com . And the ssl certificate is wildcard certificate that we
got from Rapidssl. Till now the old certificate runs fine with same config.
>
> Regards
> Sachin Kumar
>
> On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, <dferradal@apache.org> wrote:
>>
>> The servername "www.amnetgroup.com" and CN in the certificate must
>> match and be the same, that is what "rsa certificate configured for
>> xxxxxxxxxxx:443 does not include an id which matches the server name
>> " means.
>>
>> you can easily check it with command "openssl x509 -in
>> /ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject"
>>
>> So if the CN is amnetgroup.com and your servername is
>> www.amnetgroup.com there is no match unless there is SAN (subject
>> alternate name) in the cert that matches the servername you are using.
>>
>> El dom., 5 ene. 2020 a las 20:07, Sac Isilia
>> (<udaypratap.singh65@gmail.com>) escribió:
>> >
>> > Hi @lbutlr,
>> >
>> > Below is the site.conf file settings . We just updated the certificate contents
and touched nothing else. Right now the site is reverted to its original certificate. But
as soon as we update the certificate contents it doesn't work and throw the error that I mentioned.
>> >
>> > <VirtualHost *:80>
>> >   ServerName amnetgroup.com
>> >
>> >
>> >   RedirectMatch 301 (.*) https://www.amnetgroup.com$1
>> > </VirtualHost>
>> >
>> > <VirtualHost *:80>
>> >   ServerName amnet.ie
>> >   ServerAlias www.amnet.ie
>> >   ServerAlias amnetgroup.ie www.amnetgroup.ie
>> >   RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/
>> > </VirtualHost>
>> >
>> > <VirtualHost *:80>
>> >   ServerName www.amnetgroup.com
>> >
>> >
>> >   DocumentRoot "/sites/amnetgroup.com/public_html"
>> >
>> >   Redirect permanent / https://www.amnetgroup.com/
>> >
>> >   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
>> >   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
>> >
>> > <IfModule worker.c>
>> >   StartServers         4
>> >   MaxClients         300
>> >   MinSpareThreads     25
>> >   MaxSpareThreads     75
>> >   ThreadsPerChild     25
>> >   MaxRequestsPerChild  0
>> > </IfModule>
>> >
>> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
>> > DirectoryIndex index.php
>> >
>> > DirectoryIndex index.php
>> > php_value memory_limit 1024M
>> >
>> >         <Directory "/sites/amnetgroup.com/public_html/">
>> >                 Options Indexes FollowSymLinks
>> >                 AllowOverride All
>> >                 Require all granted
>> >         </Directory>
>> >   RewriteEngine On
>> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>> >   RewriteRule .* - [F]
>> > </VirtualHost>
>> >
>> > <VirtualHost *:443>
>> >   ServerName amnetgroup.com
>> >   SSLEngine on
>> >   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
>> >   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
>> >   SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
>> >
>> >   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
>> >   SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>> >   SSLHonorCipherOrder on
>> >   SSLCompression      off
>> >   SSLSessionTickets   off
>> >
>> >   Redirect permanent / https://www.amnetgroup.com/
>> >
>> >   RewriteEngine On
>> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
>> >   RewriteRule .* - [F]
>> > </VirtualHost>
>> >
>> > <VirtualHost *:443>
>> >   ServerName www.amnetgroup.com
>> >   SSLEngine on
>> >   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
>> >   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
>> >   SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
>> >
>> >   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
>> >   SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>> >   SSLHonorCipherOrder on
>> >   SSLCompression      off
>> >   SSLSessionTickets   off
>> >
>> >   DocumentRoot "/sites/amnetgroup.com/public_html"
>> >
>> >   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
>> >   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
>> >
>> > <IfModule worker.c>
>> >   StartServers         4
>> >   MaxClients         300
>> >   MinSpareThreads     25
>> >   MaxSpareThreads     75
>> >   ThreadsPerChild     25
>> >   MaxRequestsPerChild  0
>> > </IfModule>
>> >
>> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
>> > DirectoryIndex index.php
>> > php_value memory_limit 1024M
>> >
>> >         <Directory "/sites/amnetgroup.com/public_html/">
>> >                 Options Indexes FollowSymLinks
>> >                 AllowOverride All
>> >                 Require all granted
>> >         </Directory>
>> >   RewriteEngine On
>> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
>> >   RewriteRule .* - [F]
>> > </VirtualHost>
>> >
>> > Regards
>> > Sachin Kumar
>> >
>> > On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <kremels@kreme.com> wrote:
>> >>
>> >> On 04 Jan 2020, at 10:02, Sac Isilia <udaypratap.singh65@gmail.com>
wrote:
>> >> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not include
an id which matches the server name
>> >> >
>> >> >   Please help me in resolving this issue.
>> >>
>> >> That seems clear to me.
>> >>
>> >> What is the server name and what are the servers listed in the certificate?
Is there a match?
>> >>
>> >> Are you sure?
>> >>
>> >> Are you looking at the right certificate? Is the server looking at the right
certificate? Has apache been restarted?
>> >>
>> >>
>> >>
>> >> --
>> >> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH
>> >>         TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD.
>> >>         THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE DEMAND
>> >>         A LOOPHOLE IN EVERY PROPHECY. —Sourcery
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> >> For additional commands, e-mail: users-help@httpd.apache.org
>> >>
>>
>>
>> --
>> Daniel Ferradal
>> HTTPD Project
>> #httpd help at Freenode
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>


-- 
Daniel Ferradal
HTTPD Project
#httpd help at Freenode

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message