httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Favor <da...@davidfavor.com>
Subject Re: [users@httpd] New install of Apache not accepting client certs
Date Fri, 18 Jul 2014 14:59:08 GMT
D'Arcy J.M. Cain wrote:
> I just upgraded my Apache from 2.4.7 to 2.4.9 and now my clients' cert
> give me a "server certificate does NOT include an ID which matches the
> server name" error and it serves the system cert instead which fails
> because it doesn't match the domain.  Here is an example (sanitized)
> entry in my httpd.conf.  Any ideas?  I am reverting to 2.4.7 in the
> meantime.
> 
> <VirtualHost 256.256.256.256:443>
>     ServerName wwws.example.com
>     DocumentRoot /u/WEB/user
>     ServerAdmin webmaster@vex.net
>     SuexecUserGroup user user
>  
>     Include /VEX/templates/www/httpd-ssl.conf
>     SSLCertificateFile /VEX/certs/wwws.example.com.cert
>     SSLCertificateKeyFile /etc/certs/wwws.example.com.key
> </VirtualHost>
> ------------------------------------------------------------------------------
> 
> /VEX/templates/www/httpd-ssl.conf contains this:
> 
> SSLEngine on
>  
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>     SSLOptions +StdEnvVars
> </Files>
>  
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
> 

Running your site through this tool might help...

     https://www.ssllabs.com/ssltest/index.html

And... Make sure your host still points to the exact same IP address.

Likely many of the SSL certificate checkers will help. Just google...

     ssl certificate checker

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message