httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sac Isilia <udaypratap.sing...@gmail.com>
Subject Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7
Date Mon, 06 Jan 2020 08:33:34 GMT
Hi Daniel,

Yes the old one was also wildcard. And we had no alias setup earlier as
well. Though i tried this but it didn't worked either.

Regards
Sachin Kumar

On Mon, 6 Jan 2020, 13:50 Daniel Ferradal, <dferradal@apache.org> wrote:

> Not sure about 2.4.6, but httpd IIRC recognizes wildcard certificates
> perfectly, in any case, you could try adding "ServerAlias
> *.amnetgroup.com" to the virtualhost config. The old certificate was a
> wildcard too?
>
> El lun., 6 ene. 2020 a las 9:02, Sac Isilia
> (<udaypratap.singh65@gmail.com>) escribió:
> >
> > Hi Daniel,
> >
> > The CN is *.amnetgroup.com . And the ssl certificate is wildcard
> certificate that we got from Rapidssl. Till now the old certificate runs
> fine with same config.
> >
> > Regards
> > Sachin Kumar
> >
> > On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, <dferradal@apache.org> wrote:
> >>
> >> The servername "www.amnetgroup.com" and CN in the certificate must
> >> match and be the same, that is what "rsa certificate configured for
> >> xxxxxxxxxxx:443 does not include an id which matches the server name
> >> " means.
> >>
> >> you can easily check it with command "openssl x509 -in
> >> /ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject"
> >>
> >> So if the CN is amnetgroup.com and your servername is
> >> www.amnetgroup.com there is no match unless there is SAN (subject
> >> alternate name) in the cert that matches the servername you are using.
> >>
> >> El dom., 5 ene. 2020 a las 20:07, Sac Isilia
> >> (<udaypratap.singh65@gmail.com>) escribió:
> >> >
> >> > Hi @lbutlr,
> >> >
> >> > Below is the site.conf file settings . We just updated the
> certificate contents and touched nothing else. Right now the site is
> reverted to its original certificate. But as soon as we update the
> certificate contents it doesn't work and throw the error that I mentioned.
> >> >
> >> > <VirtualHost *:80>
> >> >   ServerName amnetgroup.com
> >> >
> >> >
> >> >   RedirectMatch 301 (.*) https://www.amnetgroup.com$1
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost *:80>
> >> >   ServerName amnet.ie
> >> >   ServerAlias www.amnet.ie
> >> >   ServerAlias amnetgroup.ie www.amnetgroup.ie
> >> >   RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost *:80>
> >> >   ServerName www.amnetgroup.com
> >> >
> >> >
> >> >   DocumentRoot "/sites/amnetgroup.com/public_html"
> >> >
> >> >   Redirect permanent / https://www.amnetgroup.com/
> >> >
> >> >   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
> >> >   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
> >> >
> >> > <IfModule worker.c>
> >> >   StartServers         4
> >> >   MaxClients         300
> >> >   MinSpareThreads     25
> >> >   MaxSpareThreads     75
> >> >   ThreadsPerChild     25
> >> >   MaxRequestsPerChild  0
> >> > </IfModule>
> >> >
> >> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://
> 127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
> >> > DirectoryIndex index.php
> >> >
> >> > DirectoryIndex index.php
> >> > php_value memory_limit 1024M
> >> >
> >> >         <Directory "/sites/amnetgroup.com/public_html/">
> >> >                 Options Indexes FollowSymLinks
> >> >                 AllowOverride All
> >> >                 Require all granted
> >> >         </Directory>
> >> >   RewriteEngine On
> >> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> >> >   RewriteRule .* - [F]
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost *:443>
> >> >   ServerName amnetgroup.com
> >> >   SSLEngine on
> >> >   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
> >> >   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
> >> >   SSLCertificateChainFile /ssl/
> amnetgroup.com/cert/amnetgroup.com-bundle
> >> >
> >> >   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
> >> >   SSLCipherSuite
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> >> >   SSLHonorCipherOrder on
> >> >   SSLCompression      off
> >> >   SSLSessionTickets   off
> >> >
> >> >   Redirect permanent / https://www.amnetgroup.com/
> >> >
> >> >   RewriteEngine On
> >> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
> >> >   RewriteRule .* - [F]
> >> > </VirtualHost>
> >> >
> >> > <VirtualHost *:443>
> >> >   ServerName www.amnetgroup.com
> >> >   SSLEngine on
> >> >   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
> >> >   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
> >> >   SSLCertificateChainFile /ssl/
> amnetgroup.com/cert/amnetgroup.com-bundle
> >> >
> >> >   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
> >> >   SSLCipherSuite
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> >> >   SSLHonorCipherOrder on
> >> >   SSLCompression      off
> >> >   SSLSessionTickets   off
> >> >
> >> >   DocumentRoot "/sites/amnetgroup.com/public_html"
> >> >
> >> >   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
> >> >   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
> >> >
> >> > <IfModule worker.c>
> >> >   StartServers         4
> >> >   MaxClients         300
> >> >   MinSpareThreads     25
> >> >   MaxSpareThreads     75
> >> >   ThreadsPerChild     25
> >> >   MaxRequestsPerChild  0
> >> > </IfModule>
> >> >
> >> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://
> 127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
> >> > DirectoryIndex index.php
> >> > php_value memory_limit 1024M
> >> >
> >> >         <Directory "/sites/amnetgroup.com/public_html/">
> >> >                 Options Indexes FollowSymLinks
> >> >                 AllowOverride All
> >> >                 Require all granted
> >> >         </Directory>
> >> >   RewriteEngine On
> >> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
> >> >   RewriteRule .* - [F]
> >> > </VirtualHost>
> >> >
> >> > Regards
> >> > Sachin Kumar
> >> >
> >> > On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <kremels@kreme.com> wrote:
> >> >>
> >> >> On 04 Jan 2020, at 10:02, Sac Isilia <udaypratap.singh65@gmail.com>
> wrote:
> >> >> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not
> include an id which matches the server name
> >> >> >
> >> >> >   Please help me in resolving this issue.
> >> >>
> >> >> That seems clear to me.
> >> >>
> >> >> What is the server name and what are the servers listed in the
> certificate? Is there a match?
> >> >>
> >> >> Are you sure?
> >> >>
> >> >> Are you looking at the right certificate? Is the server looking at
> the right certificate? Has apache been restarted?
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH
> >> >>         TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD.
> >> >>         THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE
> DEMAND
> >> >>         A LOOPHOLE IN EVERY PROPHECY. —Sourcery
> >> >>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> >> For additional commands, e-mail: users-help@httpd.apache.org
> >> >>
> >>
> >>
> >> --
> >> Daniel Ferradal
> >> HTTPD Project
> >> #httpd help at Freenode
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
>
>
> --
> Daniel Ferradal
> HTTPD Project
> #httpd help at Freenode
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message