atorex
Apache cert
I'm getting the below error in my Apache error.log. We have a wildcard cert and I am not sure if that is the issue. Could anyone help track down the cause and resolution for this issue?
[Mon Jan 13 08:53:35.083158 2014] [ssl:warn] [pid 1308:tid 400] AH01909: RSA certificate configured for APP03a:443 does NOT include an ID which matches the server name
[Mon Jan 13 08:53:35.661285 2014] [ssl:warn] [pid 1308:tid 400] AH01909: RSA certificate configured for APP03a:443 does NOT include an ID which matches the server name
[Mon Jan 13 08:53:35.661285 2014] [mpm_winnt:notice] [pid 1308:tid 400] AH00455: Apache/2.4.2 (Win32) OpenSSL/1.0.1 configured -- resuming normal operations
[Mon Jan 13 08:53:35.661285 2014] [mpm_winnt:notice] [pid 1308:tid 400] AH00456: Server built: May 11 2012 16:55:33
regards,
The certificate is issued for a wildcard domain (*.something.com), but your vhost is not on that domain (APP03a), that's why the *warning* (not error) appears.
ASKER
Thanks for the reply.
There is an application that connects to it, using the FQDN URL, and I'm getting an SSL handshake error that I thought was due to this error.
The error from the application:
08:48:55.168:WARN:oeji.nio :java.io.IOException : An established connection was aborted by the software in your host machine
INFO | jvm 1 | 2014/01/13 08:50:08 | javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
Do you have something like this?
<VirtualHost 127.0.0.1:443>
ServerName www.domain.com:443
If so, remove the :443 from the ServerName line.
If what cathal mentions is not the case, could you post the main parts of your vhost config?
ASKER
I have the below in the httpd-ssl.conf
<VirtualHost _default_:443>
And the rest of it...
ASKER
Sorry, here it is:
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/Apache24/htdocs"
ServerName https://app03a.globoalwork.com
ServerAdmin admin@example.com
ErrorLog "/Apache24/logs/error.log"
TransferLog "/Apache24/logs/access.log"
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
ASKER CERTIFIED SOLUTION
ASKER
Yes, it's *.globalwork.com, I fat-fingered it, and that is what the cert was issued to.
I may have an idea why this is having issues: the server's FQDN is app03a.globalHQ.com.
When the admin created the server, that's the domain they put it in!
Looks like cristiantm has hit the nail on the head.
ASKER
I corrected the fat-finger error but still have the same issue; that didn't resolve it. Could this FQDN be the issue?
app03a.globalHQ.com
You say the domain for the site is app03a.globalHQ.com? Then you need a cert for app03a.globalHQ.com (or a wildcard cert for *.globalHQ.com) and to set up the Apache vhost name as app03a.globalHQ.com.
ASKER
OK, so that's likely the issue. The HQ domain is an internal domain, so the server boys will have to move the server to the correct domain.
Yes, that is correct. The SSL certificate Common Name will need to match the domain. If the site is in this domain just for testing/development, then you can use a self-signed (or in-house PKI) certificate for testing only.
ASKER
Thanks, we are getting some self-signed certs.
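
The name comparison this thread keeps circling, as an added example that is not part of the original posts and not Apache's own code: it reduces each ServerName value to a bare host and tests it against the certificate's names with a single-label wildcard rule. The function names, the sample ServerName layout and the one-entry name list are assumptions built from the names quoted in the thread.

```python
import re

def server_name_host(directive_value):
    """Reduce an Apache ServerName value ([scheme://]host[:port]) to the bare host."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", directive_value.strip(), flags=re.I)
    host = host.split(":", 1)[0]          # drop an optional :port
    return host.rstrip(".").lower()

def name_matches(pattern, host):
    """Wildcard rule used for TLS host names: '*' stands for exactly one
    left-most label, so '*.a.com' covers 'x.a.com' but not 'a.com',
    'x.y.a.com' or a bare short name."""
    p_labels = pattern.rstrip(".").lower().split(".")
    h_labels = host.rstrip(".").lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def check_vhost(config_text, cert_names):
    """Return (host, matching certificate name or None) for each ServerName line."""
    results = []
    for line in config_text.splitlines():
        m = re.match(r"\s*ServerName\s+(\S+)", line, flags=re.I)
        if m:
            host = server_name_host(m.group(1))
            hit = next((n for n in cert_names if name_matches(n, host)), None)
            results.append((host, hit))
    return results

# Constructed input: the names come from the thread, the layout is illustrative.
CERT_NAMES = ["*.globalwork.com"]
SAMPLE_CONFIG = """
ServerName APP03a
ServerName https://app03a.globoalwork.com
ServerName app03a.globalwork.com:443
ServerName app03a.globalHQ.com
"""

if __name__ == "__main__":
    for host, hit in check_vhost(SAMPLE_CONFIG, CERT_NAMES):
        print(f"{host:28} {'OK, covered by ' + hit if hit else 'MISMATCH'}")
```

Only the third sample line is covered by the wildcard; the short name, the misspelled domain and the globalHQ.com FQDN all come back as mismatches.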