httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Hansen <joe.hansen...@gmail.com>
Subject [users@httpd] RSA server certificate CommonName (CN) 'localhost.localdomain' does NOT match server name!?
Date Mon, 06 Jun 2011 17:19:34 GMT
Hi there,

I see the following error messages in the ssl_error_log file when I
restart Apache:
RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?
RSA server certificate CommonName (CN) 'localhost.localdomain' does
NOT match server name!?

I appreciate any pointers to solve this issue. Thank you!

Regards,
Shashi

More details:

Environment: Apache 2.2.3-45, Tomcat 6, CentOS 5.5 64-bit

/* httpd.conf */
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-default.conf
Include conf/extra/httpd-ssl.conf

/* httpd-vhosts.conf */
<VirtualHost *:80>
        ServerAdmin joe@xyz.com
        ServerName www.xyz.com
        ServerAlias xyz.com
        ErrorLog "logs/ajp.error.log"

        <Proxy *>
                AddDefaultCharset Off
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>


/* httpd-ssl.conf */
NameVirtualHost *:443
<VirtualHost *:443>
	ServerName www.xyz.com
	ServerAdmin joe@xyz.com
	ErrorLog "/etc/httpd/logs/error_log"
	TransferLog "/etc/httpd/logs/ssl_access_log"
	SSLEngine on
	SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
	SSLCertificateFile "/usr/local/xyzssl/xyz.com.crt"
	SSLCertificateKeyFile "/usr/local/xyzssl/xyz.key"
	SSLCertificateChainFile "/usr/local/xyzssl/gd_bundle.crt"

	CustomLog "/etc/httpd/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

	<Proxy *>
			AddDefaultCharset Off
			Order deny,allow
			Allow from all
	</Proxy>
														
	ProxyPass / ajp://localhost:8009/
	ProxyPassReverse / ajp://localhost:8009/

</VirtualHost>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message