Solved

Apache server SSL invalid certificate error on valid cert

Posted on 2014-12-16
9
211 Views
Last Modified: 2015-05-28
I installed an SSL certificate on an Apache web server, running on Ubuntu 14.04, approximately 3 months ago.  The certificate was purchased through Digicert and is valid through 2017.  However, about a week ago the site started displaying an error message, saying the certificate was invalid.  I restarted Apache and that seemed to solve the problem.  But just yesterday the error returned. I restarted Apache a 2nd time and again, everything is working fine. But now I'm concerned that rebooting is just a temporary solution.
0
Comment
Question by:kmgish
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 3

Assisted Solution

by:vipelite
vipelite earned 500 total points
ID: 40503888
Contact DigiCert. and make sure you have all root files installed on your server.
0
 

Author Comment

by:kmgish
ID: 40503907
By root files, do you mean the applicable crt, csr and key files?  If so, they are installed.  The certificate is currently working fine.  If they weren't installed correctly, wouldn't it not work at all?
0
 
LVL 3

Expert Comment

by:vipelite
ID: 40503919
Let's hope that is the case. Next time you get error you should take some captures from the server and see exactly what's going on before restarting and could be another issue that's causing it to break like a network issue.
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 

Author Comment

by:kmgish
ID: 40503951
Yeah, about 3 seconds after I restarted the second time, I realized I should have tried to do some better detective work, but I had people breathing down my neck to get things working again.  And unfortunately, the server runs the company's intranet, that lives behind a firewall, so I can't share any links, or anything like that.

Do you know of any specific log files I should be looking at?  I've looked at error.log and error_ssl.log, but I don't see anything out of the ordinary in either of those.

Thanks for your help, BTW.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40504227
You can check with qualys ssl server test what is wrong: https://www.ssllabs.com/ssltest/
Namely SHA1 certificates get marked as bad in browsers recently, not to mention that SSLv3 disablement is just a matter of weeks.
Or share your SSL domain name, i will run same test and share observations.
0
 

Author Comment

by:kmgish
ID: 40505296
Hi gheist,

Thanks for your response. Unfortunately, I can't run those tests or share the link, since this is an intranet site, behind a firewall.  But I can tell you that the cert doesn't support SSLv3 or SHA1.  It was keyed just 3 months ago.

I was just curious if anyone here had ever experienced an SSL cert that was working fine for months and then all of a sudden stopped working, where a reboot seemingly fixed the problem.
0
 
LVL 3

Accepted Solution

by:
vipelite earned 500 total points
ID: 40505946
Have you checked internally for any Hostname/DNS changes could possibly be one. DNS may have refreshed a change and server didn't like it. I don't know throwing things out there. Especially if you're not seeing any errors on the actual server. Also, when you say behind a FW is it behind a DMZ or is it only accessible via internal network?
0
 

Author Comment

by:kmgish
ID: 40506004
vipelite,  Thanks, I appreciate any ideas, thrown or otherwise.

I'll check with our lead network administrator to see if there's been any DNS changes that might be the culprit.  To answer your question, the site is only accessible via an internal network.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40506447
I assume you changed certificate and did not change certificate chain.
Since you dont share the link I have no way to guess which certificate chain you need.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
(Open)LDAP V2.44  search proxy to AD (W2012R2) 37 217
Windows 2012 R2 Anywhere Access and PCI compliance 5 53
Apache module 5 66
Install XRDP on Ubuntu Server 16.10 x64 3 62
If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question