Re: SSL certificate update failed - httpd-2.4.6-90.el7

Hi Daniel,

The CN is *.amnetgroup.com, and the SSL certificate is a wildcard certificate that we got from RapidSSL. Until now the old certificate has run fine with the same config.

Regards
Sachin Kumar

On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, <dferradal@xxxxxxxxxx> wrote:
The servername "www.amnetgroup.com" and the CN in the certificate must
match and be the same; that is what "rsa certificate configured for
xxxxxxxxxxx:443 does not include an id which matches the server name"
means.

You can easily check it with the command
"openssl x509 -in /ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject"

So if the CN is amnetgroup.com and your servername is
www.amnetgroup.com, there is no match unless there is a SAN (subject
alternate name) in the cert that matches the servername you are using.

On Sun, 5 Jan 2020 at 20:07, Sac Isilia
(<udaypratap.singh65@xxxxxxxxx>) wrote:
>
> Hi @lbutlr,
>
> Below are the site.conf file settings. We just updated the certificate contents and touched nothing else. Right now the site is reverted to its original certificate. But as soon as we update the certificate contents, it doesn't work and throws the error that I mentioned.
>
> <VirtualHost *:80>
>   ServerName amnetgroup.com
>
>
>   RedirectMatch 301 (.*) https://www.amnetgroup.com$1
> </VirtualHost>
>
> <VirtualHost *:80>
>   ServerName amnet.ie
>   ServerAlias www.amnet.ie
>   ServerAlias amnetgroup.ie www.amnetgroup.ie
>   RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/
> </VirtualHost>
>
> <VirtualHost *:80>
>   ServerName www.amnetgroup.com
>
>
>   DocumentRoot "/sites/amnetgroup.com/public_html"
>
>   Redirect permanent / https://www.amnetgroup.com/
>
>   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
>   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
>
> <IfModule worker.c>
>   StartServers         4
>   MaxClients         300
>   MinSpareThreads     25
>   MaxSpareThreads     75
>   ThreadsPerChild     25
>   MaxRequestsPerChild  0
> </IfModule>
>
> ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
> DirectoryIndex index.php
>
> DirectoryIndex index.php
> php_value memory_limit 1024M
>
>         <Directory "/sites/amnetgroup.com/public_html/">
>                 Options Indexes FollowSymLinks
>                 AllowOverride All
>                 Require all granted
>         </Directory>
>   RewriteEngine On
>   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>   RewriteRule .* - [F]
> </VirtualHost>
>
> <VirtualHost *:443>
>   ServerName amnetgroup.com
>   SSLEngine on
>   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
>   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
>   SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
>
>   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
>   SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>   SSLHonorCipherOrder on
>   SSLCompression      off
>   SSLSessionTickets   off
>
>   Redirect permanent / https://www.amnetgroup.com/
>
>   RewriteEngine On
>   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
>   RewriteRule .* - [F]
> </VirtualHost>
>
> <VirtualHost *:443>
>   ServerName www.amnetgroup.com
>   SSLEngine on
>   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
>   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
>   SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
>
>   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
>   SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>   SSLHonorCipherOrder on
>   SSLCompression      off
>   SSLSessionTickets   off
>
>   DocumentRoot "/sites/amnetgroup.com/public_html"
>
>   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
>   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
>
> <IfModule worker.c>
>   StartServers         4
>   MaxClients         300
>   MinSpareThreads     25
>   MaxSpareThreads     75
>   ThreadsPerChild     25
>   MaxRequestsPerChild  0
> </IfModule>
>
> ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
> DirectoryIndex index.php
> php_value memory_limit 1024M
>
>         <Directory "/sites/amnetgroup.com/public_html/">
>                 Options Indexes FollowSymLinks
>                 AllowOverride All
>                 Require all granted
>         </Directory>
>   RewriteEngine On
>   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
>   RewriteRule .* - [F]
> </VirtualHost>
>
> Regards
> Sachin Kumar
>
> On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <kremels@xxxxxxxxx> wrote:
>>
>> On 04 Jan 2020, at 10:02, Sac Isilia <udaypratap.singh65@xxxxxxxxx> wrote:
>> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not include an id which matches the server name
>> >
>> >   Please help me in resolving this issue.
>>
>> That seems clear to me.
>>
>> What is the server name and what are the servers listed in the certificate? Is there a match?
>>
>> Are you sure?
>>
>> Are you looking at the right certificate? Is the server looking at the right certificate? Has apache been restarted?
>>
>>
>>
>> --
>> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH
>>         TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD.
>>         THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE DEMAND
>>         A LOOPHOLE IN EVERY PROPHECY. —Sourcery
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>


--
Daniel Ferradal
HTTPD Project
#httpd help at Freenode
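
The check discussed in this thread, as an added example that is not part of the original messages: a script that lists a certificate's SAN and CN names with `openssl x509` and tests each ServerName against them using the usual TLS wildcard rule, where `*.` stands for exactly one left-most label (so `*.amnetgroup.com` covers `www.amnetgroup.com` but not the bare `amnetgroup.com`). The function names and the script name `check.sh` are hypothetical.

```shell
#!/bin/bash
# Added example (function names are hypothetical, not from the thread).

# name_matches CERT_NAME HOST: exit 0 if CERT_NAME covers HOST.
# A leading "*." stands for exactly one left-most label.
name_matches() {
    local pattern host suffix label
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        \*.*)
            suffix=${pattern#?}     # "*.example.com" -> ".example.com"
            label=${host%%.*}       # left-most label of HOST
            [ -n "$label" ] && [ "$host" = "$label$suffix" ]
            ;;
        *)
            [ "$pattern" = "$host" ]
            ;;
    esac
}

# cert_names FILE: print SAN DNS entries, then the subject CN, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^, ]*' | cut -d: -f2
    openssl x509 -in "$1" -noout -subject |
        sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# covered_by HOST: read certificate names on stdin, exit 0 if one covers HOST.
covered_by() {
    local n
    while IFS= read -r n; do
        name_matches "$n" "$1" && return 0
    done
    return 1
}

# Usage: check.sh CERT SERVERNAME...  (skipped when no arguments are given)
if [ "$#" -ge 2 ]; then
    cert=$1; shift
    for sn in "$@"; do
        if cert_names "$cert" | covered_by "$sn"; then
            echo "OK    $sn"
        else
            echo "MISS  $sn"
        fi
    done
fi
```

Run it against the new certificate file with every ServerName from the `*:443` virtual hosts before swapping the certificate in; any `MISS` line is a name the certificate does not cover.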


