Joel Buhr
asked on
Apache SSL Not Serving SSL Site after Cert Renew
CentOS 6.5 server running Apache 2.2.15
We are running a Secure Site on this server and thus have an SSL cert from GoDaddy. The Cert from GoDaddy is current but recently the Server-Cert expired.
Followed the instructions here to generate a new Server-Cert
https://serverfault.com/questions/578069/ssl-library-error-8181-certificate-has-expired
Then here to generate a new CSR
https://tecadmin.net/simple-steps-to-generate-csr-on-centos/#
Then we went and re-keyed our SSL cert with GoDaddy, plugged in the new cert details and restarted HTTPD.
When I run: nmap -sT xxxxx.xxxxxxx.com
Get this
Host is up (0.00044s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
8443/tcp open https-alt
10000/tcp open snet-sensor-mgmt
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
It appears that it is not listening on 443. If I add a "Listen 443" directive to the HTTPD Conf, though, it resolves to the CentOS Apache default screen versus the site root.
In the SSL_ERROR Log I am seeing the following
[Tue May 22 15:09:11 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:11 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:42 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:42 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:42 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:43 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:43 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue May 22 15:09:43 2018] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Only other things I am seeing in Error_log
[Tue May 22 15:31:28 2018] [notice] caught SIGTERM, shutting down
[Tue May 22 15:31:29 2018] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue May 22 15:31:29 2018] [notice] Digest: generating secret for digest authentication ...
[Tue May 22 15:31:29 2018] [notice] Digest: done
[Tue May 22 15:31:29 2018] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Tue May 22 15:31:29 2018] [notice] mod_python: using mutex_directory /tmp
[Tue May 22 15:31:29 2018] [notice] Apache/2.2.15 (Unix) DAV/2 mod_fcgid/2.3.9 mod_nss/2.2.15 NSS/3.21.3 Basic ECC PHP/5.3.3 mod_python/3.3.1 Python/2.6.6 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_wsgi/3.2 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations
Attached are copies of the HTTPD.CONF and SSL.CONF
httpd.conf-copy.txt
ssl.conf.txt