Solved

Apache ignoring ssl config

Posted on 2016-07-18
3
35 Views
Last Modified: 2016-07-25
I have a centos 7 server running apache.

All of a sudden the site is not configured using the ssl certificate.

It is using the locahost certificate and thus making the site insecure.

I have checked my apache config (below) and all looks fine.

This one really does have me stumped as it was working fine.

The only error i can see is
[Mon Jul 18 10:56:15.299743 2016] [ssl:warn] [pid 1377] AH01909: RSA certificate configured for domain.com:443 does NOT include an ID which matches the server name


<VirtualHost 1.1.1.1:80>
      ServerName domain.com
       DocumentRoot /var/www/html/domain.com/live/httpdocs/
</VirtualHost>

<VirtualHost 1.1.1.1:443>
      ServerName domain.com:443
       DocumentRoot /var/www/html/domain.com/live/httpdocs/
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
      SSLCertificateChainFile /etc/pki/tls/certs/domain.com.ca-bundle
      SSLProtocol all -SSLv2 -SSLv3
      SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
      SSLHonorCipherOrder on
</VirtualHost>
Capture.JPG
0
Comment
Question by:timb551
  • 2
3 Comments
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 41717213
Check that the certificates are copied ok to /etc/pki/tls/certs and the permissions are set to allow read from the system.

You can view the certificate file to see if it is the correct one and that is has not expired.

e.g.
openssl x509 -in /etc/pki/tls/certs/domain.com.crt -inform pem -noout -text
0
 

Accepted Solution

by:
timb551 earned 0 total points
ID: 41717263
checked all that and its fine.

For some reason it seems to be taking the config from the ssl.conf file rather than the httpd.conf file.

I have altered the ssl to include the sites certs and its working now but i dont know why a server that hasnt been touch would have changed its setup.
0
 

Author Closing Comment

by:timb551
ID: 41727378
ssl.conf was taking precedence over httpd.conf

Added ssl to ssl.conf and all started working.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
nagios 4 php error after installation 6 90
How to find Linux Server's last patch date 9 45
000webhost.com default error log 1 24
number in printf 13 27
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now