Not sure about 2.4.6, but httpd IIRC recognizes wildcard certificates perfectly, in any case, you could try adding "ServerAlias *.amnetgroup.com" to the virtualhost config. The old certificate was a wildcard too?
El lun., 6 ene. 2020 a las 9:02, Sac Isilia (<[email protected]>) escribió: > > Hi Daniel, > > The CN is *.amnetgroup.com . And the ssl certificate is wildcard certificate > that we got from Rapidssl. Till now the old certificate runs fine with same > config. > > Regards > Sachin Kumar > > On Mon, 6 Jan 2020, 13:25 Daniel Ferradal, <[email protected]> wrote: >> >> The servername "www.amnetgroup.com" and CN in the certificate must >> match and be the same, that is what "rsa certificate configured for >> xxxxxxxxxxx:443 does not include an id which matches the server name >> " means. >> >> you can easily check it with command "openssl x509 -in >> /ssl/amnetgroup.com/cert/amnetgroup.com.crt -noout -subject" >> >> So if the CN is amnetgroup.com and your servername is >> www.amnetgroup.com there is no match unless there is SAN (subject >> alternate name) in the cert that matches the servername you are using. >> >> El dom., 5 ene. 2020 a las 20:07, Sac Isilia >> (<[email protected]>) escribió: >> > >> > Hi @lbutlr, >> > >> > Below is the site.conf file settings . We just updated the certificate >> > contents and touched nothing else. Right now the site is reverted to its >> > original certificate. But as soon as we update the certificate contents it >> > doesn't work and throw the error that I mentioned. >> > >> > <VirtualHost *:80> >> > ServerName amnetgroup.com >> > >> > >> > RedirectMatch 301 (.*) https://www.amnetgroup.com$1 >> > </VirtualHost> >> > >> > <VirtualHost *:80> >> > ServerName amnet.ie >> > ServerAlias www.amnet.ie >> > ServerAlias amnetgroup.ie www.amnetgroup.ie >> > RedirectMatch 301 (.*) https://www.amnetgroup.com/en/ie/ >> > </VirtualHost> >> > >> > <VirtualHost *:80> >> > ServerName www.amnetgroup.com >> > >> > >> > DocumentRoot "/sites/amnetgroup.com/public_html" >> > >> > Redirect permanent / https://www.amnetgroup.com/ >> > >> > CustomLog /sites/logs/apache/amnetgroup.com-access.log combined >> > ErrorLog /sites/logs/apache/amnetgroup.com-error.log >> > >> > <IfModule worker.c> >> > StartServers 4 >> > MaxClients 300 >> > MinSpareThreads 25 >> > MaxSpareThreads 75 >> > ThreadsPerChild 25 >> > MaxRequestsPerChild 0 >> > </IfModule> >> > >> > ProxyPassMatch ^/(.*\.php(/.*)?)$ >> > fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1 >> > DirectoryIndex index.php >> > >> > DirectoryIndex index.php >> > php_value memory_limit 1024M >> > >> > <Directory "/sites/amnetgroup.com/public_html/"> >> > Options Indexes FollowSymLinks >> > AllowOverride All >> > Require all granted >> > </Directory> >> > RewriteEngine On >> > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) >> > RewriteRule .* - [F] >> > </VirtualHost> >> > >> > <VirtualHost *:443> >> > ServerName amnetgroup.com >> > SSLEngine on >> > SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt >> > SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key >> > SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle >> > >> > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 >> > SSLCipherSuite >> > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 >> > SSLHonorCipherOrder on >> > SSLCompression off >> > SSLSessionTickets off >> > >> > Redirect permanent / https://www.amnetgroup.com/ >> > >> > RewriteEngine On >> > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD) >> > RewriteRule .* - [F] >> > </VirtualHost> >> > >> > <VirtualHost *:443> >> > ServerName www.amnetgroup.com >> > SSLEngine on >> > SSLCertificateFile /ssl/amnetgroup.com/cert/amnetgroup.com.crt >> > SSLCertificateKeyFile /ssl/amnetgroup.com/src/amnetgroup.com.key >> > SSLCertificateChainFile /ssl/amnetgroup.com/cert/amnetgroup.com-bundle >> > >> > SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 >> > SSLCipherSuite >> > ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 >> > SSLHonorCipherOrder on >> > SSLCompression off >> > SSLSessionTickets off >> > >> > DocumentRoot "/sites/amnetgroup.com/public_html" >> > >> > CustomLog /sites/logs/apache/amnetgroup.com-access.log combined >> > ErrorLog /sites/logs/apache/amnetgroup.com-error.log >> > >> > <IfModule worker.c> >> > StartServers 4 >> > MaxClients 300 >> > MinSpareThreads 25 >> > MaxSpareThreads 75 >> > ThreadsPerChild 25 >> > MaxRequestsPerChild 0 >> > </IfModule> >> > >> > ProxyPassMatch ^/(.*\.php(/.*)?)$ >> > fcgi://127.0.0.1:9054/sites/amnetgroup.com/public_html/$1 >> > DirectoryIndex index.php >> > php_value memory_limit 1024M >> > >> > <Directory "/sites/amnetgroup.com/public_html/"> >> > Options Indexes FollowSymLinks >> > AllowOverride All >> > Require all granted >> > </Directory> >> > RewriteEngine On >> > RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|HEAD) >> > RewriteRule .* - [F] >> > </VirtualHost> >> > >> > Regards >> > Sachin Kumar >> > >> > On Sun, Jan 5, 2020 at 11:45 PM @lbutlr <[email protected]> wrote: >> >> >> >> On 04 Jan 2020, at 10:02, Sac Isilia <[email protected]> wrote: >> >> > ah01909: rsa certificate configured for xxxxxxxxxxx:443 does not >> >> > include an id which matches the server name >> >> > >> >> > Please help me in resolving this issue. >> >> >> >> That seems clear to me. >> >> >> >> What is the server name and what are the servers listed in the >> >> certificate? Is there a match? >> >> >> >> Are you sure? >> >> >> >> Are you looking at the right certificate? Is the server looking at the >> >> right certificate? Has apache been restarted? >> >> >> >> >> >> >> >> -- >> >> NOTHING IS FINAL. NOTHING IS ABSOLUTE. EXCEPT ME, OF COURSE. SUCH >> >> TINKERING WITH DESTINY COULD MEAN THE DOWNFALL OF THE WORLD. >> >> THERE MUST BE A CHANCE, HOWEVER SMALL. THE LAWYERS OF FATE DEMAND >> >> A LOOPHOLE IN EVERY PROPHECY. —Sourcery >> >> >> >> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: [email protected] >> >> For additional commands, e-mail: [email protected] >> >> >> >> >> -- >> Daniel Ferradal >> HTTPD Project >> #httpd help at Freenode >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> -- Daniel Ferradal HTTPD Project #httpd help at Freenode --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
