Damien

Reputation: 4121

Apache - Installing SSL Cert

I am a newbie to SSL certs and installing them on Apache. I have the following virtual host setup:

<VirtualHost *:443>
    ServerName www.beta.mysite.com
    SSLEngine on
    SSLCertificateFile /home/ec2-user/sslCerts/beta_mysite_com.crt
    SSLCertificateKeyFile /home/ec2-user/sslCerts/mySite.key
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
</VirtualHost>

All the paths to the certs are valid. When I run the Apache start command I get the following error:

Starting httpd: [Sun Oct 23 12:34:37 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

Also - my ssl_error.log file shows the following error

[Sun Oct 23 12:34:37 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Oct 23 12:34:37 2016] [warn] RSA server certificate CommonName (CN) `ip-172-55-16-165' does NOT match server name!?
[Sun Oct 23 12:34:37 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Oct 23 12:34:37 2016] [warn] RSA server certificate CommonName (CN) `ip-172-55-16-165' does NOT match server name!?

Any idea what I need to do in order to get SSL set up correctly?

Upvotes: 0

Views: 1292

Answers (2)

Nick Desai

Reputation: 430

There are certainly two virtual hosts configured to use port 443. Please confirm, and check whether the Apache server you are running is SNI enabled. That means one IP and one port can be used to configure multiple URLs and SSL certificates. If yes, then mention the exact URL in the virtual host, like the ones below:

VirtualHost mysite1.abc.com:443 
VirtualHost mysite2.abc.com:443 

The second error that you mentioned states that an IP-based SSL certificate has been bound to a domain-based website. I am not sure which virtual host is using the IP-based SSL. You can run the following command to check the certificate's content:

openssl x509 -inform pem -in cerfile.cer -noout -text

Once you have found which virtual host is used, replace the certificate with the one you have purchased from the CA.

Upvotes: 1

Damien

Reputation: 4121

@hjpotter92 was correct - there were 2 vhosts for port 443 configured.

When I ran the following command:

yum install mod_ssl openssl

It generated the file conf.d with the file ssl.conf. I also had a vhost for port 443 in conf/httpd.conf. I removed the vhost in conf/httpd.conf and configured the vhost in conf.d/ssl.conf, and all is now working correctly.

Upvotes: 1
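An added example, not code from either answer: a Python check that finds `<VirtualHost>` blocks sharing an address and port, and reports which block is read first and which certificate it serves. The two file bodies, their load order, and the `/etc/pki/tls/certs/localhost.crt` path are constructed assumptions modelled on the situation in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in assumed load order: mod_ssl's conf.d/ssl.conf is read
# before the vhost added to conf/httpd.conf. The ssl.conf cert path is assumed.
SAMPLE = [
    ("conf.d/ssl.conf", """
<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>"""),
    ("conf/httpd.conf", """
<VirtualHost *:443>
    ServerName www.beta.mysite.com
    SSLEngine on
    SSLCertificateFile /home/ec2-user/sslCerts/beta_mysite_com.crt
</VirtualHost>"""),
]

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first argument of a directive inside a vhost body, or None."""
    m = re.search(rf"^[ \t]*{name}[ \t]+(\S+)", body, re.M | re.I)
    return m.group(1) if m else None

def find_vhosts(configs):
    """Yield one record per address in every <VirtualHost> block, in load order."""
    for fname, text in configs:
        text = re.sub(r"^[ \t]*#.*$", "", text, flags=re.M)  # drop comment lines
        for m in VHOST_RE.finditer(text):
            for addr in m.group(1).split():
                host, sep, port = addr.rpartition(":")
                if not sep:                      # address given without a port
                    host, port = addr, "*"
                if host == "_default_":          # treated like * for this check
                    host = "*"
                yield {"key": (host, port), "file": fname,
                       "name": directive(m.group(2), "ServerName"),
                       "cert": directive(m.group(2), "SSLCertificateFile")}

def overlaps(configs):
    """Map each address:port used by 2+ vhosts to (first vhost, later vhosts)."""
    groups = defaultdict(list)
    for v in find_vhosts(configs):
        groups[v["key"]].append(v)
    return {k: (g[0], g[1:]) for k, g in groups.items() if len(g) > 1}

if __name__ == "__main__":
    for (host, port), (first, rest) in overlaps(SAMPLE).items():
        print(f"{host}:{port} first={first['file']} cert={first['cert']}")
        for v in rest:
            print(f"  later: {v['file']} ServerName={v['name']} cert={v['cert']}")
```

On a live server, `httpd -S` prints the virtual host layout Apache actually parsed, which is the authoritative view of the same information.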
