Re: Apache serving up default certificate for certain domains

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So in looking at the differences between ssl.conf and ssl.conf.rpmnew,
in addition to my own additions for selecting cipher suites, etc, I see:

92c80
< SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
---
> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

where the 2nd line is from ssl.conf.rpmnew.  Could the fact that
":!SEED:!IDEA" is missing from my ssl.conf be causing this problem?

On 01/17/2016 11:36 AM, Ted To wrote:
> So having run httpd -S, I can see that for port 443,
> 
>          default server theo.to (/etc/httpd/conf.d/ssl.conf:68)
> 
> shows up (which is not right) but then shows up again:
> 
>          port 443 namevhost theo.to
> (/etc/httpd/sites-enabled/theo.to.conf:7)
>                  alias www.theo.to
> 
> Looking in /etc/httpd/conf.d, I see that there is an ssl.conf.rpmnew.
> Do I need to merge in changes from the new default configuration?
> 
> Thanks,
> Ted
> 
> On 01/16/2016 07:44 PM, Yehuda Katz wrote:
>> Maybe the updated openssl doesn't like something about your certificates.
>>
>> Does Apache have any warnings or notices when it starts up?
>> Try running httpd -S which lists all the vhosts Apache has and see if it
>> matches what you expect.
>> You may also see the errors from that command (tested on RHEL 7 - not
>> quite the same as Centos, but should be pretty close).
>>
>> - Y
>>
>> On Sat, Jan 16, 2016 at 3:18 PM, Ted To <ted@xxxxxxx
>> <mailto:ted@xxxxxxx>> wrote:
>>
>>     Hi,
>>
>>     Up until roughly a week ago, my VPS web server was working properly.
>>     From what I can see, the only change is that nss, nss-tools, openssl and
>>     gnutls were updated.  On Monday, Jan 11, I noticed that I was getting an
>>     SSL error when running "svn up".  When trying to open the url in a web
>>     browser, the page would not open but I could open it with w3m by
>>     accepting the certificate -- I was directed to the default CentOS apache
>>     start page.  The strange thing is that it only happens for a minority of
>>     my domains/subdomains.
>>
>>     I am running Apache 2.4.6 on a Centos 7 box.
>>
>>     Any thoughts/suggestions for what could be going on here?
>>
>>     Thanks in advance!
>>
>>     Ted To
>>
>>     ---------------------------------------------------------------------
>>     To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>     <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx>
>>     For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>     <mailto:users-help@xxxxxxxxxxxxxxxx>
>>
>>
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux