Solved

Apache cert

Posted on 2014-01-13
Last Modified: 2014-01-14
I'm getting the below error in my Apache error.log. We have a wildcard cert and I am not sure if that is the issue. Could anyone help track down the cause and resolution for this issue?

[Mon Jan 13 08:53:35.083158 2014] [ssl:warn] [pid 1308:tid 400] AH01909: RSA certificate configured for APP03a:443 does NOT include an ID which matches the server name
[Mon Jan 13 08:53:35.661285 2014] [ssl:warn] [pid 1308:tid 400] AH01909: RSA certificate configured for APP03a:443 does NOT include an ID which matches the server name
[Mon Jan 13 08:53:35.661285 2014] [mpm_winnt:notice] [pid 1308:tid 400] AH00455: Apache/2.4.2 (Win32) OpenSSL/1.0.1 configured -- resuming normal operations
[Mon Jan 13 08:53:35.661285 2014] [mpm_winnt:notice] [pid 1308:tid 400] AH00456: Server built: May 11 2012 16:55:33


regards,
Question by:atorex
15 Comments
 
LVL 3

Expert Comment

by:cristiantm
ID: 39777135
The certificate is issued for a wildcard domain (*.something.com), but your vhost is not on that domain (APP03a); that's why the *warning* (not error) appears.
0
 

Author Comment

by:atorex
ID: 39777189
Thanks for the reply.
There is an application that connects to it using the FQDN URL. I'm getting an SSL handshake error that I thought was due to this error.

The error from the application:

08:48:55.168:WARN:oeji.nio:java.io.IOException: An established connection was aborted by the software in your host machine
INFO   | jvm 1    | 2014/01/13 08:50:08 | javax.net.ssl.SSLProtocolException: handshake alert:  unrecognized_name
0
 
LVL 58

Expert Comment

by:Gary
ID: 39777195
Do you have something like this?

<VirtualHost 127.0.0.1:443>
ServerName www.domain.com:443


If so, remove the :443 from the ServerName line.
0
 
LVL 3

Expert Comment

by:cristiantm
ID: 39777221
If what cathal mentions is not the case, could you post the main parts of your vhost config?
0
 

Author Comment

by:atorex
ID: 39777236
I have the below in the httpd-ssl.conf:


<VirtualHost _default_:443>
0
 
LVL 58

Expert Comment

by:Gary
ID: 39777281
And the rest of it...
0
 

Author Comment

by:atorex
ID: 39777285
Sorry, here it is:


<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/Apache24/htdocs"
ServerName https://app03a.globoalwork.com
ServerAdmin admin@example.com
ErrorLog "/Apache24/logs/error.log"
TransferLog "/Apache24/logs/access.log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
0
 
LVL 3

Accepted Solution

by:
cristiantm earned 2000 total points
ID: 39777326
Is your wildcard cert issued for *.globoalwork.com??

By the way, is it really globoalwork.com? Not globolwork.com or globalwork.com? ;) That would be a very common mistake, and it looks like this is the problem, since I can see that globoalwork.com is an unregistered domain. So I think you just have a typo there.
0
 

Author Comment

by:atorex
ID: 39777343
Yes, it's *.globalwork.com, I fat-fingered it, and that is what the cert was issued to.

I may have an idea why this is having issues: the server's FQDN is app03a.globalHQ.com.
When the admin created the server, that's the domain they put it in!
0
 
LVL 58

Expert Comment

by:Gary
ID: 39777349
Looks like cristiantm has hit the nail on the head
0
 

Author Comment

by:atorex
ID: 39777382
I corrected the fat-finger error but still have the same issue; that didn't resolve it. Could this FQDN be the issue?
app03a.globalHQ.com
0
 
LVL 3

Expert Comment

by:cristiantm
ID: 39777389
You say the domain for the site is app03a.globalHQ.com? Then you need a cert for app03a.globalHQ.com (or a wildcard cert for *.globalHQ.com) and to set up the Apache vhost name as app03a.globalHQ.com.
0
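The name check behind the AH01909 warning discussed in this thread, as an added example (not code from the original posts or from Apache): it extracts the host from a ServerName line and tests it against the certificate's names using RFC 6125-style wildcard matching. The function names and the sample config are constructed here from names mentioned in the thread, and mod_ssl's own matching code may differ in detail.

```python
import re

# Constructed inputs, built from names mentioned in the thread.
CERT_NAMES = ["*.globalwork.com"]  # names the wildcard cert was issued for
VHOST_CONF = """
<VirtualHost _default_:443>
ServerName https://app03a.globoalwork.com
SSLEngine on
</VirtualHost>
"""


def server_name_host(conf):
    """Return the host part of the first ServerName directive, or None."""
    m = re.search(r"^\s*ServerName\s+(\S+)", conf, re.MULTILINE | re.IGNORECASE)
    if not m:
        return None
    # ServerName may carry an optional scheme and port; only the host is compared.
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", m.group(1), flags=re.IGNORECASE)
    return re.sub(r":\d+$", "", value).lower()


def name_matches(pattern, host):
    """Case-insensitive match; '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Assumption: require at least two fixed labels after the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, host):
    """True if any certificate name matches the host."""
    return any(name_matches(n, host) for n in cert_names)


def check_vhost(conf, cert_names):
    """Return (host, covered) for the vhost's ServerName."""
    host = server_name_host(conf)
    return host, host is not None and cert_covers(cert_names, host)


if __name__ == "__main__":
    print(check_vhost(VHOST_CONF, CERT_NAMES))
    for name in ("APP03a", "app03a.globalHQ.com", "app03a.globalwork.com"):
        print(name, cert_covers(CERT_NAMES, name))
```
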
 

Author Comment

by:atorex
ID: 39777421
OK, so that's likely the issue. The HQ domain is an internal domain, so the server boys will have to move the server to the correct domain.
0
 
LVL 3

Expert Comment

by:cristiantm
ID: 39779141
Yes, that is correct. The SSL certificate Common Name will need to match the domain. If the site is in this domain just for testing/development, then you can use a self-signed (or in-house PKI) certificate for testing only.
0
 

Author Comment

by:atorex
ID: 39779204
Thanks, we are getting some self-signed certs.
0
