Re: SSL certificate update failed - httpd-2.4.6-90.el7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Daniel,

Yes the old one was also wildcard. And we had no alias setup earlier as well. Though i tried this but it didn't worked either.

Regards
Sachin Kumar

On Mon, 6 Jan 2020, 13:50 Daniel Ferradal, <dferradal@xxxxxxxxxx> wrote:
Not sure about 2.4.6, but httpd IIRC recognizes wildcard certificates
perfectly, in any case, you could try adding "ServerAlias
*.amnetgroup.com" to the virtualhost config. The old certificate was a
wildcard too?

El lun., 6 ene. 2020 a las 9:02, Sac Isilia
(<udaypratap.singh65@xxxxxxxxx>) escribió:
>
> Hi Daniel,
>
> The CN is *.amnetgroup.com . And the ssl certificate is wildcard certificate that we got from Rapidssl. Till now the old certificate runs fine with same config.
>
> Regards
> Sachin Kumar
>
> On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, <dferradal@xxxxxxxxxx> wrote:
>>
>> The servername "www.amnetgroup.com" and CN in the certificate must
>> match and be the same, that is what "rsa certificate configured for
>> xxxxxxxxxxx:443 does not include an id which matches the server name
>> " means.
>>
>> you can easily check it with command "openssl x509 -in
>> /ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject"
>>
>> So if the CN is amnetgroup.com and your servername is
>> www.amnetgroup.com there is no match unless there is SAN (subject
>> alternate name) in the cert that matches the servername you are using.
>>
>> El dom., 5 ene. 2020 a las 20:07, Sac Isilia
>> (<udaypratap.singh65@xxxxxxxxx>) escribió:
>> >
>> > Hi @lbutlr,
>> >
>> > Below is the site.conf file settings . We just updated the certificate contents and touched nothing else. Right now the site is reverted to its original certificate. But as soon as we update the certificate contents it doesn't work and throw the error that I mentioned.
>> >
>> > <VirtualHost *:80>
>> >   ServerName amnetgroup.com
>> >
>> >
>> >   RedirectMatch 301 (.*) https://www.amnetgroup.com$1
>> > </VirtualHost>
>> >
>> > <VirtualHost *:80>
>> >   ServerName amnet.ie
>> >   ServerAlias www.amnet.ie
>> >   ServerAlias amnetgroup.ie www.amnetgroup.ie
>> >   RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/
>> > </VirtualHost>
>> >
>> > <VirtualHost *:80>
>> >   ServerName www.amnetgroup.com
>> >
>> >
>> >   DocumentRoot "/sites/amnetgroup.com/public_html"
>> >
>> >   Redirect permanent / https://www.amnetgroup.com/
>> >
>> >   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
>> >   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
>> >
>> > <IfModule worker.c>
>> >   StartServers         4
>> >   MaxClients         300
>> >   MinSpareThreads     25
>> >   MaxSpareThreads     75
>> >   ThreadsPerChild     25
>> >   MaxRequestsPerChild  0
>> > </IfModule>
>> >
>> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
>> > DirectoryIndex index.php
>> >
>> > DirectoryIndex index.php
>> > php_value memory_limit 1024M
>> >
>> >         <Directory "/sites/amnetgroup.com/public_html/">
>> >                 Options Indexes FollowSymLinks
>> >                 AllowOverride All
>> >                 Require all granted
>> >         </Directory>
>> >   RewriteEngine On
>> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
>> >   RewriteRule .* - [F]
>> > </VirtualHost>
>> >
>> > <VirtualHost *:443>
>> >   ServerName amnetgroup.com
>> >   SSLEngine on
>> >   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
>> >   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
>> >   SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
>> >
>> >   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
>> >   SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>> >   SSLHonorCipherOrder on
>> >   SSLCompression      off
>> >   SSLSessionTickets   off
>> >
>> >   Redirect permanent / https://www.amnetgroup.com/
>> >
>> >   RewriteEngine On
>> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
>> >   RewriteRule .* - [F]
>> > </VirtualHost>
>> >
>> > <VirtualHost *:443>
>> >   ServerName www.amnetgroup.com
>> >   SSLEngine on
>> >   SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt
>> >   SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key
>> >   SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle
>> >
>> >   SSLProtocol         all -SSLv3 -TLSv1 -TLSv1.1
>> >   SSLCipherSuite      ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
>> >   SSLHonorCipherOrder on
>> >   SSLCompression      off
>> >   SSLSessionTickets   off
>> >
>> >   DocumentRoot "/sites/amnetgroup.com/public_html"
>> >
>> >   CustomLog /sites/logs/apache/amnetgroup.com-access.log combined
>> >   ErrorLog /sites/logs/apache/amnetgroup.com-error.log
>> >
>> > <IfModule worker.c>
>> >   StartServers         4
>> >   MaxClients         300
>> >   MinSpareThreads     25
>> >   MaxSpareThreads     75
>> >   ThreadsPerChild     25
>> >   MaxRequestsPerChild  0
>> > </IfModule>
>> >
>> > ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1
>> > DirectoryIndex index.php
>> > php_value memory_limit 1024M
>> >
>> >         <Directory "/sites/amnetgroup.com/public_html/">
>> >                 Options Indexes FollowSymLinks
>> >                 AllowOverride All
>> >                 Require all granted
>> >         </Directory>
>> >   RewriteEngine On
>> >   RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD)
>> >   RewriteRule .* - [F]
>> > </VirtualHost>
>> >
>> > Regards
>> > Sachin Kumar
>> >
>> > On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <kremels@xxxxxxxxx> wrote:
>> >>
>> >> On 04 Jan 2020, at 10:02, Sac Isilia <udaypratap.singh65@xxxxxxxxx> wrote:
>> >> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not include an id which matches the server name
>> >> >
>> >> >   Please help me in resolving this issue.
>> >>
>> >> That seems clear to me.
>> >>
>> >> What is the server name and what are the servers listed in the certificate? Is there a match?
>> >>
>> >> Are you sure?
>> >>
>> >> Are you looking at the right certificate? Is the server looking at the right certificate? Has apache been restarted?
>> >>
>> >>
>> >>
>> >> --
>> >> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH
>> >>         TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD.
>> >>         THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE DEMAND
>> >>         A LOOPHOLE IN EVERY PROPHECY. —Sourcery
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>> >>
>>
>>
>> --
>> Daniel Ferradal
>> HTTPD Project
>> #httpd help at Freenode
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>


--
Daniel Ferradal
HTTPD Project
#httpd help at Freenode

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux