timb551
asked on
Apache ignoring ssl config
I have a CentOS 7 server running Apache.
All of a sudden the site is not configured using the SSL certificate.
It is using the localhost certificate and thus making the site insecure.
I have checked my Apache config (below) and all looks fine.
This one really does have me stumped as it was working fine.
The only error I can see is
[Mon Jul 18 10:56:15.299743 2016] [ssl:warn] [pid 1377] AH01909: RSA certificate configured for domain.com:443 does NOT include an ID which matches the server name
<VirtualHost 1.1.1.1:80>
ServerName domain.com
DocumentRoot /var/www/html/domain.com/live/httpdocs/
</VirtualHost>
<VirtualHost 1.1.1.1:443>
ServerName domain.com:443
DocumentRoot /var/www/html/domain.com/live/httpdocs/
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
SSLCertificateChainFile /etc/pki/tls/certs/domain.com.ca-bundle
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
SSLHonorCipherOrder on
</VirtualHost>
ASKER
ssl.conf was taking precedence over httpd.conf
Added ssl to ssl.conf and all started working.
You can view the certificate file to see if it is the correct one and that it has not expired.
e.g.
openssl x509 -in /etc/pki/tls/certs/domain.
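To check the situation the asker describes, where ssl.conf and httpd.conf both carry settings for port 443, the script below lists every VirtualHost block on 443 with the certificate it names. It is an added example, not code from the thread; the function names are hypothetical and the two sample files are constructed (the ssl.conf content is assumed to resemble a stock mod_ssl default).

```shell
#!/bin/sh
# Print one tab-separated line per <VirtualHost> block listening on port 443:
#   config file, vhost address, ServerName, SSLCertificateFile
list_tls_vhosts() {
    awk '
        tolower($1) == "<virtualhost" {
            addr = $0
            sub(/^[ \t]*<[A-Za-z]+[ \t]+/, "", addr)   # drop the opening tag name
            sub(/>[ \t]*$/, "", addr)                   # drop the closing bracket
            in_vhost = 1; name = "-"; cert = "-"
            next
        }
        in_vhost && tolower($1) == "servername"         { name = $2 }
        in_vhost && tolower($1) == "sslcertificatefile" { cert = $2 }
        in_vhost && tolower($1) == "</virtualhost>" {
            if (addr ~ /:443([ \t]|$)/)
                printf "%s\t%s\t%s\t%s\n", FILENAME, addr, name, cert
            in_vhost = 0
        }
    ' "$@"
}

# Same listing, limited to blocks that serve a certificate other than $1.
tls_vhosts_not_using() {
    want=$1; shift
    list_tls_vhosts "$@" | awk -F '\t' -v want="$want" '$4 != want'
}

# Constructed sample: a stock-style ssl.conf beside the site's own vhost file.
write_sample_configs() {
    dir=$1
    cat > "$dir/ssl.conf" <<'EOF'
<VirtualHost _default_:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>
EOF
    cat > "$dir/site.conf" <<'EOF'
<VirtualHost 1.1.1.1:80>
ServerName domain.com
</VirtualHost>
<VirtualHost 1.1.1.1:443>
ServerName domain.com:443
SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
</VirtualHost>
EOF
}

demo=$(mktemp -d)
write_sample_configs "$demo"
tls_vhosts_not_using /etc/pki/tls/certs/domain.com.crt "$demo/ssl.conf" "$demo/site.conf"
rm -rf "$demo"
```

On a server, pass the real files instead, for example /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/*.conf; `httpd -S` prints the virtual host map Apache itself resolved.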