• Status: Solved

Apache ignoring ssl config

I have a CentOS 7 server running Apache.

All of a sudden the site is not configured using the ssl certificate.

It is using the localhost certificate and thus making the site insecure.

I have checked my apache config (below) and all looks fine.

This one really does have me stumped as it was working fine.

The only error I can see is
[Mon Jul 18 10:56:15.299743 2016] [ssl:warn] [pid 1377] AH01909: RSA certificate configured for domain.com:443 does NOT include an ID which matches the server name


<VirtualHost 1.1.1.1:80>
    ServerName domain.com
    DocumentRoot /var/www/html/domain.com/live/httpdocs/
</VirtualHost>

<VirtualHost 1.1.1.1:443>
    ServerName domain.com:443
    DocumentRoot /var/www/html/domain.com/live/httpdocs/
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/domain.com.ca-bundle
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
    SSLHonorCipherOrder on
</VirtualHost>
Asked by: timb551
1 Solution
 
Peter Hutchison, Senior Network Systems Specialist, Commented:
Check that the certificates are copied ok to /etc/pki/tls/certs and the permissions are set to allow read from the system.

You can view the certificate file to see if it is the correct one and that it has not expired.

e.g.
openssl x509 -in /etc/pki/tls/certs/domain.com.crt -inform pem -noout -text
 
timb551 (Author) Commented:
Checked all that and it's fine.

For some reason it seems to be taking the config from the ssl.conf file rather than the httpd.conf file.

I have altered the ssl to include the site's certs and it's working now, but I don't know why a server that hasn't been touched would have changed its setup.
 
timb551 (Author) Commented:
ssl.conf was taking precedence over httpd.conf

Added ssl to ssl.conf and all started working.
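To make the cause found in this thread visible (a second port-443 vhost in ssl.conf serving a different certificate from the one in httpd.conf), the following added example, which is not part of the original posts, lists every port-443 VirtualHost block in a set of Apache config files together with the certificate it references. The sample files are constructed; the function names and the localhost.crt path in the sample ssl.conf are assumptions.

```shell
#!/bin/sh
# Added example: list every port-443 vhost and the certificate it serves.

# list_tls_vhosts FILE...
# Output per <VirtualHost ...:443> block: file|address|ServerName|SSLCertificateFile
list_tls_vhosts() {
    awk '
        tolower($1) == "<virtualhost" && $2 ~ /:443>?$/ {
            in_vh = 1; addr = $2; sub(/>$/, "", addr)
            name = "(inherited)"; cert = "(none)"; next
        }
        in_vh && tolower($1) == "servername"         { name = $2 }
        in_vh && tolower($1) == "sslcertificatefile" { cert = $2 }
        in_vh && tolower($1) == "</virtualhost>" {
            print FILENAME "|" addr "|" name "|" cert; in_vh = 0
        }
    ' "$@"
}

# count_443_certs FILE...
# Number of distinct certificates configured across all port-443 vhosts.
# More than one means the certificate served depends on which vhost wins.
count_443_certs() {
    list_tls_vhosts "$@" | cut -d'|' -f4 | sort -u | wc -l | tr -d ' '
}

# Constructed sample input: the vhost from the question plus a default
# vhost in ssl.conf (the localhost.crt path is an assumption).
make_sample_configs() {
    mkdir -p "$1/conf" "$1/conf.d"
    cat > "$1/conf/httpd.conf" <<'EOF'
<VirtualHost 1.1.1.1:443>
    ServerName domain.com:443
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
</VirtualHost>
EOF
    cat > "$1/conf.d/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
    #ServerName www.example.com:443
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
EOF
}

tmp=$(mktemp -d)
make_sample_configs "$tmp"
list_tls_vhosts "$tmp/conf/httpd.conf" "$tmp/conf.d/ssl.conf"
echo "distinct certificates on :443: $(count_443_certs "$tmp/conf/httpd.conf" "$tmp/conf.d/ssl.conf")"
rm -rf "$tmp"
```

On a live server, pass the real config files instead of the sample ones; httpd -S prints how Apache itself resolved the virtual hosts.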
