The following is a very fresh CentOS 7 Apache 2.4 install. The config files haven't been changed except for the last line of httpd.conf, as shown. mod_ssl and openssl have been installed. The certificates came from sslforfree, and I have used them successfully at other sites, so they are not the issue. The http website works, but https times out. The firewall was disabled to make extra sure, so it isn't the issue either.
As shown below, I am getting this error:
[ssl:warn] [pid 2459] AH01909: RSA certificate configured for example.com:443 does NOT include an ID which matches the server name. But openssl shows the certificate's subject as being correct.
What is going wrong?
Thank you
Code:
[root@example ~]# tail -1 /etc/httpd/conf/httpd.conf
IncludeOptional sites-enabled/*.conf
[root@example ~]# cat /etc/httpd/sites-available/corperate.conf
# Plain-HTTP virtual host for example.com, serving /var/www/corperate/html.
# NOTE(review): this vhost serves the same DocumentRoot as the *:443 vhost and
# contains no redirect to HTTPS, so the site stays reachable in cleartext.
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/corperate/html
<Directory "/var/www/corperate/html">
# Indexes turns on automatic directory listings for directories without an
# index file; drop it unless listings are intended. FollowSymLinks lets httpd
# follow symlinks under this tree; MultiViews enables content negotiation.
Options Indexes FollowSymLinks MultiViews
# Allows .htaccess files under this tree to override any directive type, so
# anything able to write here can change per-directory server behaviour.
AllowOverride All
# 2.2-style access control (handled by mod_access_compat on 2.4): everyone is
# allowed. The 2.4-native equivalent is "Require all granted".
Order allow,deny
allow from all
# RewriteEngine is on, but no rewrite rules are visible in this block;
# presumably they live in .htaccess -- confirm.
RewriteEngine On
</Directory>
</VirtualHost>
# TLS virtual host for example.com on port 443, serving the same DocumentRoot
# as the port-80 vhost.
# NOTE(review): the `httpd -S` output in this transcript lists
# /etc/httpd/conf.d/ssl.conf:56 (<VirtualHost _default_:443>) as the default
# server for port 443 under the same name example.com, ahead of this vhost.
# When two name-based vhosts share a name, the first one listed handles the
# request, so this block and its certificate may never be used, and the
# AH01909 warning may refer to the certificate loaded by ssl.conf rather than
# the one configured here -- check SSLCertificateFile in ssl.conf and remove
# or rename the duplicate vhost.
<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/corperate/html
SSLEngine on
# Server certificate. AH01909 is logged when ServerName matches neither the
# certificate's CN nor a subjectAltName entry; the `-subject` check in this
# transcript shows only the CN, so also inspect the SAN list
# (openssl x509 -in <cert> -noout -text).
SSLCertificateFile "/etc/pki/tls/certs/certificate.crt"
# Private key for the certificate above.
# NOTE(review): the transcript does not show this file's ownership or mode;
# confirm it is readable by root only.
SSLCertificateKeyFile "/etc/pki/tls/private/private.key"
# In mod_ssl this directive names the CA certificates used to verify client
# certificates. The intermediate chain sent to clients is normally configured
# with SSLCertificateChainFile (or appended to SSLCertificateFile on httpd
# 2.4.8 and later).
# NOTE(review): confirm the chain actually served, e.g. with
# openssl s_client -connect example.com:443 -servername example.com
SSLCACertificateFile "/etc/pki/tls/certs/ca_bundle.crt"
# NOTE(review): no SSLProtocol or SSLCipherSuite is set in this vhost, so
# protocol and cipher selection come from server-level settings or mod_ssl
# defaults -- confirm what is in effect.
<Directory "/var/www/corperate/html">
# Indexes turns on automatic directory listings for directories without an
# index file; drop it unless listings are intended.
Options Indexes FollowSymLinks MultiViews
# Allows .htaccess files under this tree to override any directive type.
AllowOverride All
# 2.2-style access control (handled by mod_access_compat on 2.4): everyone is
# allowed. The 2.4-native equivalent is "Require all granted".
Order allow,deny
allow from all
# RewriteEngine is on, but no rewrite rules are visible in this block;
# presumably they live in .htaccess -- confirm.
RewriteEngine On
</Directory>
</VirtualHost>
[root@example ~]# openssl x509 -in /etc/pki/tls/certs/certificate.crt -noout -subject
subject= /CN=example.com
[root@example ~]# tail -2 /var/log/httpd/ssl_error_log
[Wed May 24 14:34:18.641188 2017] [ssl:warn] [pid 2413] AH01909: RSA certificate configured for example.com:443 does NOT include an ID which matches the server name
[Wed May 24 14:34:18.675031 2017] [ssl:warn] [pid 2413] AH01909: RSA certificate configured for example.com:443 does NOT include an ID which matches the server name
[root@example ~]# systemctl restart httpd.service
[root@example ~]# tail -2 /var/log/httpd/ssl_error_log
[Wed May 24 14:36:41.201521 2017] [ssl:warn] [pid 2459] AH01909: RSA certificate configured for example.com:443 does NOT include an ID which matches the server name
[Wed May 24 14:36:41.226252 2017] [ssl:warn] [pid 2459] AH01909: RSA certificate configured for example.com:443 does NOT include an ID which matches the server name
[root@example ~]# hostnamectl status
Static hostname: example.com
Icon name: computer-vm
Chassis: vm
Machine ID: xxx
Boot ID: xxx
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-514.16.1.el7.x86_64
Architecture: x86-64
[root@example ~]# httpd -S
VirtualHost configuration:
*:80 example.com (/etc/httpd/sites-enabled/corperate.conf:1)
*:443 is a NameVirtualHost
default server example.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost example.com (/etc/httpd/conf.d/ssl.conf:56)
port 443 namevhost example.com (/etc/httpd/sites-enabled/corperate.conf:12)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
[root@example ~]# sed -n '56p' < /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:443>
[root@example ~]#