kmgish
asked on
Apache server SSL invalid certificate error on valid cert
I installed an SSL certificate on an Apache web server, running on Ubuntu 14.04, approximately 3 months ago. The certificate was purchased through Digicert and is valid through 2017. However, about a week ago the site started displaying an error message, saying the certificate was invalid. I restarted Apache and that seemed to solve the problem. But just yesterday the error returned. I restarted Apache a 2nd time and again, everything is working fine. But now I'm concerned that rebooting is just a temporary solution.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Let's hope that is the case. Next time you get error you should take some captures from the server and see exactly what's going on before restarting and could be another issue that's causing it to break like a network issue.
ASKER
Yeah, about 3 seconds after I restarted the second time, I realized I should have tried to do some better detective work, but I had people breathing down my neck to get things working again. And unfortunately, the server runs the company's intranet, that lives behind a firewall, so I can't share any links, or anything like that.
Do you know of any specific log files I should be looking at? I've looked at error.log and error_ssl.log, but I don't see anything out of the ordinary in either of those.
Thanks for your help, BTW.
Do you know of any specific log files I should be looking at? I've looked at error.log and error_ssl.log, but I don't see anything out of the ordinary in either of those.
Thanks for your help, BTW.
You can check with qualys ssl server test what is wrong: https://www.ssllabs.com/ssltest/
Namely SHA1 certificates get marked as bad in browsers recently, not to mention that SSLv3 disablement is just a matter of weeks.
Or share your SSL domain name, i will run same test and share observations.
Namely SHA1 certificates get marked as bad in browsers recently, not to mention that SSLv3 disablement is just a matter of weeks.
Or share your SSL domain name, i will run same test and share observations.
ASKER
Hi gheist,
Thanks for your response. Unfortunately, I can't run those tests or share the link, since this is an intranet site, behind a firewall. But I can tell you that the cert doesn't support SSLv3 or SHA1. It was keyed just 3 months ago.
I was just curious if anyone here had ever experienced an SSL cert that was working fine for months and then all of a sudden stopped working, where a reboot seemingly fixed the problem.
Thanks for your response. Unfortunately, I can't run those tests or share the link, since this is an intranet site, behind a firewall. But I can tell you that the cert doesn't support SSLv3 or SHA1. It was keyed just 3 months ago.
I was just curious if anyone here had ever experienced an SSL cert that was working fine for months and then all of a sudden stopped working, where a reboot seemingly fixed the problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
vipelite, Thanks, I appreciate any ideas, thrown or otherwise.
I'll check with our lead network administrator to see if there's been any DNS changes that might be the culprit. To answer your question, the site is only accessible via an internal network.
I'll check with our lead network administrator to see if there's been any DNS changes that might be the culprit. To answer your question, the site is only accessible via an internal network.
I assume you changed certificate and did not change certificate chain.
Since you dont share the link I have no way to guess which certificate chain you need.
Since you dont share the link I have no way to guess which certificate chain you need.
ASKER