meade470
asked on
Loading SHA256 certificate stops Apache from running (from SHA1 certificate)
When switching from a SHA1 to a SHA256 certificate for the same CN, Apache is having a hard time restarting and running. Here's the Virtualhost lines in /etc/httpd/conf.d/ssl.conf :
Here is the nagios-error_log in /logs:
Is this because the private key and certificate don't match? I am almost sure that they were issued at the same time and pair.
Please advise.
<VirtualHost *:443>
DocumentRoot "/var/www/html"
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/STAR_workforce_wfs.sha1.cer
SSLCertificateKeyFile /etc/pki/tls/private/myserver.star_workforce_wfs.sha1.key
ServerName lii-mon01.workforce.wfs
SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
SSLCipherSuite AES256-SHA:2048:1024:256:HIGH:!ADH:!MD5:!aNULL
SSLProtocol all -SSLv2
ProxyRequests off
ProxyPass /livonia/ http://localhost:5000/livonia/
ProxyPassReverse /livonia/ http://localhost:5000/livonia/
ErrorLog logs/nagios-error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/nagios-access_log combined
</VirtualHost>
Here is the nagios-error_log in /logs:
[root@lii-mon01 certs]# cat /etc/httpd/logs/nagios-error_log
[Mon May 18 08:23:57 2015] [error] Unable to configure RSA server private key
[Mon May 18 08:23:57 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Mon May 18 10:43:09 2015] [error] Unable to configure RSA server private key
[Mon May 18 10:43:09 2015] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
Is this because the private key and certificate don't match? I am almost sure that they were issued at the same time and pair.
Please advise.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Problem solved ;-)
Thanks!
Thanks!
ASKER