httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sac Isilia <udaypratap.sing...@gmail.com>
Subject Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7
Date Mon, 06 Jan 2020 08:02:09 GMT
Hi Daniel,

The CN is *.amnetgroup.com . And the ssl certificate is wildcard
certificate that we got from Rapidssl. Till now the old certificate runs
fine with same config.

Regards
Sachin Kumar

On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, <dferradal@apache.org> wrote:

> The servername "www.amnetgroup.com" and CN in the certificate must
> match and be the same, that is what "rsa certificate configured for
> xxxxxxxxxxx:443 does not include an id which matches the server name
> " means.
>
> you can easily check it with command "openssl x509 -in
> /ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject"
>
> So if the CN is amnetgroup.com and your servername is
> www.amnetgroup.com there is no match unless there is SAN (subject
> alternate name) in the cert that matches the servername you are using.
>
> El dom., 5 ene. 2020 a las 20:07, Sac Isilia
> (<udaypratap.singh65@gmail.com>) escribió:
> >
> > Hi @lbutlr,
> >
> > Below is the site.conf file settings . We just updated the certificate
> contents and touched nothing else. Right now the site is reverted to its
> original certificate. But as soon as we update the certificate contents it
> doesn't work and throw the error that I mentioned.
> >
> > <VirtualHost *:80>
> >   ServerName amnetgroup.com
> >
> >
> >   RedirectMatch 301 (.*) https://www.amnetgroup.com$1
> > </VirtualHost>
> >
> > <VirtualHost *:80>
> >   ServerName amnet.ie
> >   ServerAlias www.amnet.ie
> >   ServerAlias amnetgroup.ie www.amnetgroup.ie
> >   RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/
> > </VirtualHost>
> >
> > <VirtualHost *:80>
> >   ServerName www.amnetgroup.com
> >
> >
> >   DocumentRoot "/sites/amnetgroup.com/public_html"
> >
> >   Redirect permanent / https://www.amnetgroup.com/
> >
> >   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
> >   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
> >
> > <IfModule worker.c>
> >   StartServers         4
> >   MaxClients         300
> >   MinSpareThreads     25
> >   MaxSpareThreads     75
> >   ThreadsPerChild     25
> >   MaxRequestsPerChild  0
> > </IfModule>
> >
> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://
> 127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
> > DirectoryIndex index.php
> >
> > DirectoryIndex index.php
> > php_value memory_limit 1024M
> >
> >         <Directory "/sites/amnetgroup.com/public_html/">
> >                 Options Indexes FollowSymLinks
> >                 AllowOverride All
> >                 Require all granted
> >         </Directory>
> >   RewriteEngine On
> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> >   RewriteRule .* - [F]
> > </VirtualHost>
> >
> > <VirtualHost *:443>
> >   ServerName amnetgroup.com
> >   SSLEngine on
> >   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
> >   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
> >   SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
> >
> >   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
> >   SSLCipherSuite
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> >   SSLHonorCipherOrder on
> >   SSLCompression      off
> >   SSLSessionTickets   off
> >
> >   Redirect permanent / https://www.amnetgroup.com/
> >
> >   RewriteEngine On
> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
> >   RewriteRule .* - [F]
> > </VirtualHost>
> >
> > <VirtualHost *:443>
> >   ServerName www.amnetgroup.com
> >   SSLEngine on
> >   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
> >   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
> >   SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
> >
> >   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
> >   SSLCipherSuite
> ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> >   SSLHonorCipherOrder on
> >   SSLCompression      off
> >   SSLSessionTickets   off
> >
> >   DocumentRoot "/sites/amnetgroup.com/public_html"
> >
> >   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
> >   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
> >
> > <IfModule worker.c>
> >   StartServers         4
> >   MaxClients         300
> >   MinSpareThreads     25
> >   MaxSpareThreads     75
> >   ThreadsPerChild     25
> >   MaxRequestsPerChild  0
> > </IfModule>
> >
> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://
> 127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
> > DirectoryIndex index.php
> > php_value memory_limit 1024M
> >
> >         <Directory "/sites/amnetgroup.com/public_html/">
> >                 Options Indexes FollowSymLinks
> >                 AllowOverride All
> >                 Require all granted
> >         </Directory>
> >   RewriteEngine On
> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
> >   RewriteRule .* - [F]
> > </VirtualHost>
> >
> > Regards
> > Sachin Kumar
> >
> > On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <kremels@kreme.com> wrote:
> >>
> >> On 04 Jan 2020, at 10:02, Sac Isilia <udaypratap.singh65@gmail.com>
> wrote:
> >> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not
> include an id which matches the server name
> >> >
> >> >   Please help me in resolving this issue.
> >>
> >> That seems clear to me.
> >>
> >> What is the server name and what are the servers listed in the
> certificate? Is there a match?
> >>
> >> Are you sure?
> >>
> >> Are you looking at the right certificate? Is the server looking at the
> right certificate? Has apache been restarted?
> >>
> >>
> >>
> >> --
> >> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH
> >>         TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD.
> >>         THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE
> DEMAND
> >>         A LOOPHOLE IN EVERY PROPHECY. —Sourcery
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
>
>
> --
> Daniel Ferradal
> HTTPD Project
> #httpd help at Freenode
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message