I have a problem installing the SSL certificates. The problem i think the server name doesn't match the certificate's server name.
Here the exact Apache problem:
[Wed Oct 02 18:33:23 2013] [warn] RSA server certificate CommonName (CN) `name1.name2.fr' does NOT match server name!?
[Wed Oct 02 18:33:23 2013] [error] Unable to configure RSA server private key
[Wed Oct 02 18:33:23 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Wed Oct 02 18:34:00 2013] [warn] RSA server certificate CommonName (CN) `name1.name2.fr' does NOT match server name!?
[Wed Oct 02 18:34:00 2013] [error] Unable to configure RSA server private key
[Wed Oct 02 18:34:00 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
We use RHEL 6. How can i see the server name and how to change it ?
Thanks in advance.
You have to set the Server's DNS name first:
so perform the command
$ sudo gksu gedit /etc/hostname to edit the hostname file
add the line www.example.com
$ sudo /etc/hosts and add the line:
127.0.0.1 www.example.com localhost
After that make sure to use that domain name in creating or signing the certificate
I had this warning in ssl_error_log:
[Wed Dec 11 14:02:41 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Dec 11 14:02:41 2013] [warn] RSA server certificate CommonName (CN) `localhost.localdomain' does NOT match server name!?
It is because that mod_ssl in CentOS (5.10) came with a default virtualhost which will use the default cert in /etc/pki/tls/certs/localhost.crt....
I removed the virtualhost section in conf.d/ssl.conf and the warning disappeared after reloading apache.
Related
I am facing a kinda strange problem in my Apache error log. I know that this message is not critical, but what throws me of is that apache ist looking for the certificate at Port 80
Anybody got an idea?
ports.conf is at default, I tried disabling Port 80 here but it didn't change the problem.
[Thu Jul 11 18:45:20.311500 2019] [ssl:warn] [pid 457] AH01909: mydomain.com:80:0 server certificate does NOT include an ID which matches the server name
For some reason, I can no longer issue letsencrypt certificate from the console. It used to work...
The Apache error log shows:
[ssl:warn] [pid 2397] AH01906: xxx.xxx.xxx:8080:0 server certificate is a CA certificate
[ssl:error] [pid 2397] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate!
[ssl:error] [pid 2397] AH02604: Unable to configure certificate xxx.xxx.xxx
The domain name (xxx.xxx.xxx) is the server's name not the website name I want to issue the cert to
Port 8080 was never opened to the world.
I don't understand what's happen on my server. Just bellow the ssl_error_log
[Sat Sep 30 00:51:07 2017] [warn] RSA server certificate CommonName (CN) `www.website.com' does NOT match server name!?
[Sat Sep 30 01:33:05 2017] [warn] RSA server certificate CommonName (CN) `website.com' does NOT match server name!?
[Sat Sep 30 01:33:05 2017] [error] Unable to configure RSA server private key
[Sat Sep 30 01:33:05 2017] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
I don't understand why the check was done on www.website.com and now on website.com...
I'm not a expert on web but I want to understand this problem. Which information I have to look?
Best regards,
robin
I am trying to add SSL certificates from Comodo Security Services on Apache/2.4.10 (Debian) OpenSSL/1.0.1k server.
For configuration:
SSLEngine on
SSLCertificateKeyFile /etc/ssl/24-06-2016/private.key
SSLCertificateFile /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
SSLCertificateChainFile /etc/ssl/24-06-2016/intermediate.crt
I've got error after Apache2 restart:
[Thu Jun 30 07:39:20.895631 2016] [ssl:emerg] [pid 4614] AH02561: Failed to configure certificate account.veedo.ru:443:0, check /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
[Thu Jun 30 07:39:20.895688 2016] [ssl:emerg] [pid 4614] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
AH00016: Configuration Failed
For configuration:
SSLCertificateKeyFile /etc/ssl/24-06-2016/private.key
SSLCertificateFile /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
SSLCACertificateFile /etc/ssl/24-06-2016/intermediate.crt
The error is:
[Thu Jul 07 18:22:21.423776 2016] [ssl:emerg] [pid 14180] AH02562: Failed to configure certificate account.veedo.ru:443:0 (with chain), check /etc/ssl/24-06-2016/account_veedo_ru_2017_06_24.crt
[Thu Jul 07 18:22:21.423826 2016] [ssl:emerg] [pid 14180] SSL Library Error: error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib
AH00016: Configuration Failed
What is wrong? How can I check my certificates? Please help!
Seller wrote me that there was an extra line feed symbol in certificate. It is fixed now and works correctly.
there is a line at the end of crt file that should be removed , just before ---- end ...
really annoying
I generated server.key using openssl CLI and then generated server.csr from that. Then I submitted server.csr to my company (this is all internal) and they gave me a text file which I renamed to server.crt
I followed this guide to install SSL Cert for XAMPP's Apache
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR193
Basically I edited the httpd-ssl.conf file with below:
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
SSLCACertificatePath "conf/ssl.crt/"
SSLCACertificateFile "conf/ssl.crt/server.crt"
When I restarted my Apache server, it failed and gave error:
[Thu May 08 14:14:48.014710 2014] [ssl:warn] [pid 1924:tid 272] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu May 08 14:14:48.016664 2014] [ssl:warn] [pid 1924:tid 272] AH01907: RSA server certificate is not a leaf certificate (BasicConstraints: pathlen == 2 > 0 !?)
[Thu May 08 14:14:48.016664 2014] [ssl:warn] [pid 1924:tid 272] AH01909: RSA certificate configured for www.myservername.com:443 does NOT include an ID which matches the server name
[Thu May 08 14:14:48.016664 2014] [ssl:emerg] [pid 1924:tid 272] AH02238: Unable to configure RSA server private key
[Thu May 08 14:14:48.016664 2014] [ssl:emerg] [pid 1924:tid 272] SSL Library Error: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Thu May 08 14:14:48.016664 2014] [ssl:emerg] [pid 1924:tid 272] AH02311: Fatal error initialising mod_ssl, exiting. See C:/xampp/apache/logs/error.log for more information
Anyone knows why? How to fix this?
Here are my system info
Windows NT LGLAC046 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586
Apache/2.4.4 (Win32) OpenSSL/0.9.8y PHP/5.4.19
OPENSSL_CONF C:/xampp/apache/bin/openssl.cnf
SSL Version OpenSSL/0.9.8y
I generated server.csr using openssl CLI and then generated server.key from that
You're supposed to generate a private key first:
openssl genrsa -des3 -out server.key 1024
then generate a csr:
openssl req -new -key server.key -out server.csr
If you're requesting a new certificate, you then send the CSR to the CA.
It sounds like what you have is a CA certificate, not a server certificate.