The servername "www.amnetgroup.com" and CN in the certificate must
match and be the same, that is what "rsa certificate configured for
xxxxxxxxxxx:443 does not include an id which matches the server name
" means.
you can easily check it with command "openssl x509 -in
/ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject"
So if the CN is amnetgroup.com and your servername is
www.amnetgroup.com there is no match unless there is SAN (subject
alternate name) in the cert that matches the servername you are using.
El dom., 5 ene. 2020 a las 20:07, Sac Isilia
(<udaypratap.singh65@xxxxxxxxx>) escribió:
>
> Hi @lbutlr,
>
> Below is the site.conf file settings . We just updated the certificate contents and touched nothing else. Right now the site is reverted to its original certificate. But as soon as we update the certificate contents it doesn't work and throw the error that I mentioned.
>
> <VirtualHost *:80>
> ServerName amnetgroup.com
>
>
> RedirectMatch 301 (.*) https://www.amnetgroup.com$1
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName amnet.ie
> ServerAlias www.amnet.ie
> ServerAlias amnetgroup.ie www.amnetgroup.ie
> RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName www.amnetgroup.com
>
>
> DocumentRoot "/sites/amnetgroup.com/public_html"
>
> Redirect permanent / https://www.amnetgroup.com/
>
> CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
> ErrorLog /sites/logs/apache/amnetgroup.com-error.log
>
> <IfModule worker.c>
> StartServers 4
> MaxClients 300
> MinSpareThreads 25
> MaxSpareThreads 75
> ThreadsPerChild 25
> MaxRequestsPerChild 0
> </IfModule>
>
> ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
> DirectoryIndex index.php
>
> DirectoryIndex index.php
> php_value memory_limit 1024M
>
> <Directory "/sites/amnetgroup.com/public_html/">
> Options Indexes FollowSymLinks
> AllowOverride All
> Require all granted
> </Directory>
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
> RewriteRule .* - [F]
> </VirtualHost>
>
> <VirtualHost *:443>
> ServerName amnetgroup.com
> SSLEngine on
> SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
> SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
> SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
>
> SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
> SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> SSLHonorCipherOrder on
> SSLCompression off
> SSLSessionTickets off
>
> Redirect permanent / https://www.amnetgroup.com/
>
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
> RewriteRule .* - [F]
> </VirtualHost>
>
> <VirtualHost *:443>
> ServerName www.amnetgroup.com
> SSLEngine on
> SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
> SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
> SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
>
> SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
> SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
> SSLHonorCipherOrder on
> SSLCompression off
> SSLSessionTickets off
>
> DocumentRoot "/sites/amnetgroup.com/public_html"
>
> CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
> ErrorLog /sites/logs/apache/amnetgroup.com-error.log
>
> <IfModule worker.c>
> StartServers 4
> MaxClients 300
> MinSpareThreads 25
> MaxSpareThreads 75
> ThreadsPerChild 25
> MaxRequestsPerChild 0
> </IfModule>
>
> ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
> DirectoryIndex index.php
> php_value memory_limit 1024M
>
> <Directory "/sites/amnetgroup.com/public_html/">
> Options Indexes FollowSymLinks
> AllowOverride All
> Require all granted
> </Directory>
> RewriteEngine On
> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
> RewriteRule .* - [F]
> </VirtualHost>
>
> Regards
> Sachin Kumar
>
> On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <kremels@xxxxxxxxx> wrote:
>>
>> On 04 Jan 2020, at 10:02, Sac Isilia <udaypratap.singh65@xxxxxxxxx> wrote:
>> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not include an id which matches the server name
>> >
>> > Please help me in resolving this issue.
>>
>> That seems clear to me.
>>
>> What is the server name and what are the servers listed in the certificate? Is there a match?
>>
>> Are you sure?
>>
>> Are you looking at the right certificate? Is the server looking at the right certificate? Has apache been restarted?
>>
>>
>>
>> --
>> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH
>> TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD.
>> THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE DEMAND
>> A LOOPHOLE IN EVERY PROPHECY. —Sourcery
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
--
Daniel Ferradal
HTTPD Project
#httpd help at Freenode
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|