server certificate does NOT include an ID which matches the server name

Hi All,

I can able to open my application in http (80).

I am getting the below error and I am not able to access my application in https (SSL).

I have configured self signed certificate for this application.


[Mon Feb 11 16:31:13.123279 2019] [ssl:warn] [pid 3315] AH01906: remis:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 11 16:31:13.123336 2019] [ssl:warn] [pid 3315] AH01909: remis:443:0 server certificate does NOT include an ID which matches the server name
[Mon Feb 11 16:31:13.867888 2019] [ssl:warn] [pid 3317] AH01906: remis:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Feb 11 16:31:13.867944 2019] [ssl:warn] [pid 3317] AH01909: remis:443:0 server certificate does NOT include an ID which matches the server name

****************

SslEngine is ON

SSL port 443 is listening

I have checked all the virtual host configuration are correct and i have done all troubleshooting.

Virtual host config file:

<VirtualHost *:443>
DocumentRoot "/usr/local/namess/apache/htdocs"
ServerName remis:443
SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.key
SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.csr
SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.crt
</VirtualHost>


**********

[root@remis ~]# apachectl configtest
Syntax OK
[root@remis ~]#

**************

[root@remis ~]# openssl verify /root/ssltemp/server.crt
/root/ssltemp/server.crt: C = IN,Chennai, L = Chennai, O = remis company, CN = remis.company.com
error 18 at 0 depth lookup:self signed certificate
OK
[root@remis ~]#

*****************
[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.key/server.key
-rw-r--r-- 1 namess namess1679 Feb 11 16:24 /usr/local/namess/apache/conf/ssl.key/server.key

[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.csr/server.csr
-rw------- 1 namess namess1013 Feb 11 16:27 /usr/local/namess/apache/conf/ssl.csr/server.csr

[root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.crt/server.crt
-rw-r--r-- 1 namess namess1334 Feb 11 16:28 /usr/local/namess/apache/conf/ssl.crt/server.crt
[root@remis ~]#

Can you anyone help me to resolve this issue ?

Thanks in advance
Ram

Quote:

Originally Posted by R.N.RAM KANNAN Hi All, I can able to open my application in http (80). I am getting the below error and I am not able to access my application in https (SSL). I have configured self signed certificate for this application. Code: [Mon Feb 11 16:31:13.123279 2019] [ssl:warn] [pid 3315] AH01906: remis:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Mon Feb 11 16:31:13.123336 2019] [ssl:warn] [pid 3315] AH01909: remis:443:0 server certificate does NOT include an ID which matches the server name [Mon Feb 11 16:31:13.867888 2019] [ssl:warn] [pid 3317] AH01906: remis:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Mon Feb 11 16:31:13.867944 2019] [ssl:warn] [pid 3317] AH01909: remis:443:0 server certificate does NOT include an ID which matches the server name SslEngine is ON SSL port 443 is listening I have checked all the virtual host configuration are correct and i have done all troubleshooting. Virtual host config file: Code: <VirtualHost *:443> DocumentRoot "/usr/local/namess/apache/htdocs" ServerName remis:443 SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.key SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.csr SSLCertificateFile /usr/local/namess/apache/conf/ssl.crt/server.crt </VirtualHost> ********** [root@remis ~]# apachectl configtest Syntax OK [root@remis ~]# ************** [root@remis ~]# openssl verify /root/ssltemp/server.crt /root/ssltemp/server.crt: C = IN,Chennai, L = Chennai, O = remis company, CN = remis.company.com error 18 at 0 depth lookup:self signed certificate OK ***************** [root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.key/server.key -rw-r--r-- 1 namess namess1679 Feb 11 16:24 /usr/local/namess/apache/conf/ssl.key/server.key [root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.csr/server.csr -rw------- 1 namess namess1013 Feb 11 16:27 /usr/local/namess/apache/conf/ssl.csr/server.csr [root@remis ~]# ls -l /usr/local/namess/apache/conf/ssl.crt/server.crt -rw-r--r-- 1 namess namess1334 Feb 11 16:28 /usr/local/namess/apache/conf/ssl.crt/server.crt Can you anyone help me to resolve this issue ?

Please wrap things in CODE tags to make them easier to read. And did you read what you posted? I bolded and underlined some things for emphasis above, and the errors are VERY clear. Your certificate wasn't generated/renewed correctly. And since you have 'done all troubleshooting.', did you look up those errors, or read the OpenSSL docs?

Quote:

Originally Posted by OpenSSL Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.

You are getting a *WARNING* of "server certificate does NOT include an ID which matches the server name" which is not an error. It indicates that you made a configuration error in that either the wrong TLS server certificate has been set, or that Apache can't match the ServerName to the common name or any of subjectAlternateName in the certificate.

Try switching the ServerName and ServerAlias directives, or generate your certificate correctly. And again, you've not provided ANY details (version/distro of Linux, version of Apache, and what your 'application' actually is) that would let anyone help you further.

Thanks TBOne.

Still i am getting the same error.



[root@remis ~]# openssl verify /root/ssltemp/server.crt
/root/ssltemp/server.crt: C = IN,Chennai, L = Chennai, O = remis company, CN = remis.company.com
error 18 at 0 depth lookup:self signed certificate
OK
[root@remis ~]#

My hostname and comman name are same but still i am facing same issue.

ServerName remis:443 (Virtual host entry)

URL: https://remis/namess

Do anyone has any idea on this ?

I followed the below steps to generate certifcates.

openssl genrsa 2048 > server.key
openssl req -new -key server.key > server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt


Thanks
Ram Kannan.

Quote:

Originally Posted by R.N.RAM KANNAN Thanks TBOne. Still i am getting the same error. Code: [root@remis ~]# openssl verify /root/ssltemp/server.crt /root/ssltemp/server.crt: C = IN,Chennai, L = Chennai, O = remis company, CN = remis.company.com error 18 at 0 depth lookup:self signed certificate OK [root@remis ~]# My hostname and comman name are same but still i am facing same issue. ServerName remis:443 (Virtual host entry) URL: https://remis/namess Do anyone has any idea on this ? I followed the below steps to generate certifcates. openssl genrsa 2048 > server.key openssl req -new -key server.key > server.csr openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

As you were told before, put things in CODE tags so they're easier to read. And did you read all of what you were told??? You were given things to try in your Apache configuration, and the file you're running the check on is **NOT** the same as the one in the original error message. And again, did you read what you posted??

You're saying the hostname and common name are the same. Did you actually read the openssl documentation I posted??

OpenSSL is complaining because the certificate is self signed, which is a different error message than your first post. Self signed certificates are not "trustable" because they are not issued from a certificate authority or root (or they are a root themselves). By their nature, all root certs are self-signed, but I digress...

Read the documentation TBone provided first.

What is the purpose of this web server, internal use only or do you intend to expose it to the Internet and allow people to access it?