server certificate does NOT include an ID which matches the server name
Hi All,
I am able to open my application in http (80).
I am getting the below error and I am not able to access my application in https (SSL).
I have configured a self-signed certificate for this application.
[Mon Feb 11 16:31:13.123279 2019] [ssl:warn] [pid 3315] AH01906: remis:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 11 16:31:13.123336 2019] [ssl:warn] [pid 3315] AH01909: remis:443:0 server certificate does NOT include an ID which matches the server name
[Mon Feb 11 16:31:13.867888 2019] [ssl:warn] [pid 3317] AH01906: remis:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 11 16:31:13.867944 2019] [ssl:warn] [pid 3317] AH01909: remis:443:0 server certificate does NOT include an ID which matches the server name
****************
SslEngine is ON
SSL port 443 is listening
I have checked that all the virtual host configuration is correct and I have done all troubleshooting.
[root@remis ~]# apachectl configtest
Syntax OK
[root@remis ~]#
**************
[root@remis ~]# openssl verify /root/ssltemp/server.crt
/root/ssltemp/server.crt: C = IN,Chennai, L = Chennai, O = remis company, CN = remis.company.com
error 18 at 0 depth lookup:self signed certificate
OK
[root@remis ~]#
*****************
[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.key/server.key
-rw-r--r-- 1 namess namess 1679 Feb 11 16:24 /usr/local/namess/apache/conf/ssl.key/server.key
[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.csr/server.csr
-rw------- 1 namess namess 1013 Feb 11 16:27 /usr/local/namess/apache/conf/ssl.csr/server.csr
[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.crt/server.crt
-rw-r--r-- 1 namess namess 1334 Feb 11 16:28 /usr/local/namess/apache/conf/ssl.crt/server.crt
[root@remis ~]#
Can anyone help me to resolve this issue?
Thanks in advance
Ram
Last edited by R.N.RAM KANNAN; 02-12-2019 at 06:34 AM.
Hi All,
I am able to open my application in http (80). I am getting the below error and I am not able to access my application in https (SSL). I have configured a self-signed certificate for this application.
Code:
[Mon Feb 11 16:31:13.123279 2019] [ssl:warn] [pid 3315] AH01906: remis:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 11 16:31:13.123336 2019] [ssl:warn] [pid 3315] AH01909: remis:443:0 server certificate does NOT include an ID which matches the server name
[Mon Feb 11 16:31:13.867888 2019] [ssl:warn] [pid 3317] AH01906: remis:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 11 16:31:13.867944 2019] [ssl:warn] [pid 3317] AH01909: remis:443:0 server certificate does NOT include an ID which matches the server name
SslEngine is ON
SSL port 443 is listening
I have checked that all the virtual host configuration is correct and I have done all troubleshooting. Virtual host config file:
Code:
<VirtualHost *:443>
DocumentRoot "/usr/local/namess/apache/htdocs"
ServerName remis:443
SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.key
SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.csr
SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.crt
</VirtualHost>
**********
[root@remis ~]# apachectl configtest
Syntax OK
[root@remis ~]#
**************
[root@remis ~]# openssl verify /root/ssltemp/server.crt
/root/ssltemp/server.crt: C = IN,Chennai, L = Chennai, O = remis company, CN = remis.company.com
error 18 at 0 depth lookup:self signed certificate
OK
*****************
[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.key/server.key
-rw-r--r-- 1 namess namess 1679 Feb 11 16:24 /usr/local/namess/apache/conf/ssl.key/server.key
[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.csr/server.csr
-rw------- 1 namess namess 1013 Feb 11 16:27 /usr/local/namess/apache/conf/ssl.csr/server.csr
[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.crt/server.crt
-rw-r--r-- 1 namess namess 1334 Feb 11 16:28 /usr/local/namess/apache/conf/ssl.crt/server.crt
Can anyone help me to resolve this issue?
Please wrap things in CODE tags to make them easier to read. And did you read what you posted? I bolded and underlined some things for emphasis above, and the errors are VERY clear. Your certificate wasn't generated/renewed correctly. And since you have 'done all troubleshooting.', did you look up those errors, or read the OpenSSL docs?
Quote:
Originally Posted by OpenSSL
Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.
You are getting a *WARNING* of "server certificate does NOT include an ID which matches the server name" which is not an error. It indicates that you made a configuration error in that either the wrong TLS server certificate has been set, or that Apache can't match the ServerName to the common name or any of subjectAlternateName in the certificate.
Try switching the ServerName and ServerAlias directives, or generate your certificate correctly. And again, you've not provided ANY details (version/distro of Linux, version of Apache, and what your 'application' actually is) that would let anyone help you further.
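The two warnings discussed in this reply can be checked from the shell before Apache is restarted. The script below is an added example, not part of the thread: it builds a throwaway self-signed certificate with an explicit BasicConstraints value and a subjectAltName, then reports which warning a given certificate and ServerName pair would raise. The host names are the ones from the posts; the temporary directory, the `req.cnf` file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example. Host names come from the thread; paths are temporary.

# make_cert NAME DIR CA_FLAG: self-signed cert for NAME; CA_FLAG is TRUE or FALSE.
make_cert() {
    cat > "$2/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $1
[ext]
basicConstraints = critical,CA:$3
subjectAltName = DNS:$1
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$2/req.cnf" \
        -keyout "$2/server.key" -out "$2/server.crt" 2>/dev/null
    chmod 600 "$2/server.key"   # private key readable by its owner only
}

# Succeeds when BasicConstraints marks the cert as a CA (the AH01906 condition).
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Succeeds when HOST matches a SAN dNSName or, if there is none, the CN
# (the AH01909 condition).
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# report CERT HOST: print which of the two warnings this pair would trigger.
report() {
    cert_is_ca "$1" && echo "AH01906: certificate is a CA certificate"
    cert_matches_host "$1" "$2" || echo "AH01909: no ID matches '$2'"
    return 0
}

tmp=$(mktemp -d)
make_cert remis.company.com "$tmp" TRUE
echo "CA:TRUE cert, ServerName remis:";              report "$tmp/server.crt" remis
make_cert remis.company.com "$tmp" FALSE
echo "CA:FALSE cert, ServerName remis.company.com:"; report "$tmp/server.crt" remis.company.com
rm -rf "$tmp"
```

In the virtual host, `SSLCertificateFile` takes the path to `server.crt` and `SSLCertificateKeyFile` the path to `server.key`; the CSR is not referenced by Apache.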
[root@remis ~]# openssl verify /root/ssltemp/server.crt
/root/ssltemp/server.crt: C = IN,Chennai, L = Chennai, O = remis company, CN = remis.company.com
error 18 at 0 depth lookup:self signed certificate
OK
[root@remis ~]#
My hostname and common name are the same, but I am still facing the same issue.
ServerName remis:443 (Virtual host entry) URL: https://remis/namess
Does anyone have any idea on this? I followed the below steps to generate certificates.
As you were told before, put things in CODE tags so they're easier to read. And did you read all of what you were told??? You were given things to try in your Apache configuration, and the file you're running the check on is **NOT** the same as the one in the original error message. And again, did you read what you posted??
You're saying the hostname and common name are the same. Did you actually read the openssl documentation I posted??
OpenSSL is complaining because the certificate is self signed, which is a different error message than your first post. Self signed certificates are not "trustable" because they are not issued from a certificate authority or root (or they are a root themselves). By their nature, all root certs are self-signed, but I digress...
Read the documentation TBone provided first.
What is the purpose of this web server, internal use only or do you intend to expose it to the Internet and allow people to access it?
Last edited by sevendogsbsd; 02-13-2019 at 10:41 AM.