Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread @lbutlr
On 07 Jan 2020, at 21:20, Sac Isilia wrote:
> "apache and IIS are communicating is where your problem appears to be" - How
> to trace that IIS and apache are communicating.

No idea, I do not use IIS.

> Because the existing certificate works fine. The problem arises only when new
> certificate

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Sac Isilia
Hi Kremels, "apache and IIS are communicating is where your problem appears to be" - How to trace that IIS and apache are communicating. Because the existing certificate works fine. The problem arises only when new certificate is updated. The server on which website is hosted runs on Linux and

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread @lbutlr
On 07 Jan 2020, at 06:53, Sac Isilia wrote:
> apachectl -S

This isn’t going to help as long as the server facing the outside is an IIS server and not apache. However apache and IIS are communicating is where your problem appears to be. I bet if you can access the apache server directly

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Sac Isilia
Hi Daniel,

Below is the output of the command that you suggested.

[root@amdc2webl06 conf.d]# apachectl -S
[Tue Jan 07 08:49:25.470093 2020] [so:warn] [pid 16970] AH01574: module php7_module is already loaded, skipping
[Tue Jan 07 08:49:25.470194 2020] [so:warn] [pid 16970] AH01574: module

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Daniel Ferradal
Hello, 1º the way to verify is the openssl commands we mentioned earlier. 2º no, you clearly do not have that in the server that reports those warnings, or if you do, that virtualhost is alright and the problem is the other virtualhosts that report the warning, like: amdc2webl06.dmz.local:443

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Sac Isilia
Hi Daniel, That makes sense. I will be needing help as I have very little knowledge of Apache, and instead of messing things up, please help me with the queries below. "you probably are using the public name but the certs you are really using are local names or the opposite" - How to verify this on Linux.

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Daniel Ferradal
Hello, The key to your certificate issues lies in the warning messages like this one: AH01909: RSA certificate configured for amdc2webl06.dmz.local:443 does NOT include an ID which matches the server name. So you probably are using the public name but the certs you are really using are local

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Sac Isilia
Hi Daniel, If we want to disable this Proxy setting in httpd, how will we do that? I can see the below logs in the file. If the SSL settings are all correct then I think we can try to disable the Proxy setting that you mentioned, but I don't know how to do that.

[root@amdc2webl06 logs]# tail -f

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Daniel Ferradal
As I see it, even if it is IIS, it is configured correctly and replying; otherwise you would not even reach the point of the 502 error, which refers to a backend that the server you are talking to is trying to contact.

What I would do is:
* Find out why something else seems to be replying
* Supposing

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Sac Isilia
Hi Daniel,

Let me clarify the whole chain of events:
1. We received a request to renew the SSL certificate that is set to expire on 23rd Jan 2020
2. Post which we generated the CSR and sent the .csr file to the Digicert (RapidSSL) to issue us a wild card certificate with 2 years warranty.
3. They

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Daniel Ferradal
I have no clue about Azure, sorry. But I can tell the server that responds says it is not Apache. If that is some kind of frontend (the IIS server that is replying), maybe that one is acting as a client proxying to the apache you mentioned earlier, that would explain the errors and confirm what I

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Sac Isilia
Hi Daniel, The server on which the SSL certificate is installed runs RHEL, but recently the server was migrated to Azure two months ago. Is there anything that needs to be done from the Azure end as well?

Regards
Sachin Kumar

On Tue, 7 Jan 2020, 15:44 Daniel Ferradal, wrote:
> I'm confused now. The server responding

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-07 Thread Daniel Ferradal
I'm confused now. The server responding says it is an IIS server, not Apache. "Server: Microsoft-IIS/10.0" And the 502 is while it is trying to proxy somewhere, so...

On Tue, 7 Jan 2020 at 6:11, Sac Isilia () wrote:
>
> Hi Daniel/Team,
>
> I ran the command as you suggested - curl -vI

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-06 Thread Sac Isilia
Hi Daniel/Team,

I ran the command as you suggested - curl -vI https://www.amnetgroup.com and it got below message.

[root@amdc2webl06 cert]# curl -vI https://www.amnetgroup.com
* About to connect() to www.amnetgroup.com port 443 (#0)
* Trying 52.167.221.189...
* Connected to www.amnetgroup.com

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-06 Thread Daniel Ferradal
Who is reporting a 502 exactly? Perhaps we are missing the entire chain of events to properly diagnose the issue. If the problem is a client reporting an issue while proxying to this server, try manually to access the web server yourself to discard issues:

curl -vI https://www.amnetgroup.com

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-06 Thread Sac Isilia
Hi Martin,

Below is the attribute of the existing working certificate. The only difference is that the new certificate is of validity 2 years, but that should not be an issue. We performed below steps while updating -

1. openssl req -newkey rsa:2048 -nodes -keyout amnetgroup.com.key -out

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-06 Thread Sac Isilia
Hi Daniel, Yes, the old one was also wildcard. And we had no alias set up earlier as well. Though I tried this, it didn't work either.

Regards
Sachin Kumar

On Mon, 6 Jan 2020, 13:50 Daniel Ferradal, wrote:
> Not sure about 2.4.6, but httpd IIRC recognizes wildcard certificates
> perfectly,

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-06 Thread Daniel Ferradal
Not sure about 2.4.6, but httpd IIRC recognizes wildcard certificates perfectly, in any case, you could try adding "ServerAlias *.amnetgroup.com" to the virtualhost config. The old certificate was a wildcard too?

On Mon, 6 Jan 2020 at 9:02, Sac Isilia () wrote:
>
> Hi Daniel,
>
> The CN

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-06 Thread Sac Isilia
Hi Daniel, The CN is *.amnetgroup.com. And the ssl certificate is wildcard certificate that we got from Rapidssl. Till now the old certificate runs fine with same config.

Regards
Sachin Kumar

On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, wrote:
> The servername "www.amnetgroup.com" and CN in

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-05 Thread Daniel Ferradal
The servername "www.amnetgroup.com" and CN in the certificate must match and be the same, that is what "rsa certificate configured for xxx:443 does not include an id which matches the server name" means. You can easily check it with command "openssl x509 -in

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-05 Thread Sac Isilia
Hi @lbutlr, Below are the site.conf file settings. We just updated the certificate contents and touched nothing else. Right now the site is reverted to its original certificate. But as soon as we update the certificate contents it doesn't work and throws the error that I mentioned.

ServerName

Re: [users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-05 Thread @lbutlr
On 04 Jan 2020, at 10:02, Sac Isilia wrote:
> ah01909: rsa certificate configured for xxx:443 does not include an
> id which matches the server name
>
> Please help me in resolving this issue.

That seems clear to me. What is the server name and what are the servers listed in the

[users@httpd] SSL certificate update failed - httpd-2.4.6-90.el7

2020-01-04 Thread Sac Isilia
Hi Team, Overview - There was an existing website for which the SSL certificate was set to expire on Jan 20 2020. Hence we generated a CSR and got the PKCS#7 certificate, which was converted to .crt, and the required private key and the bundle file were updated on the server. But once we again hit the