Find the answer to your Linux question:
Results 1 to 6 of 6
Hello everyone, I am running Apache 2.2 on an Ubunutu server. I am trying to migrate a few websites I own from one machine to another but am having some ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Oct 2008
    Location
    Baton Rouge, LA
    Posts
    37

    Apache (SSL) problems


    Hello everyone,
    I am running Apache 2.2 on an Ubunutu server. I am trying to migrate a few websites I own from one machine to another but am having some problems with SSL.
    Apache won't load and I am getting the following errors:
    Code:
    [Fri Aug 13 09:27:00 2010] [warn] RSA server certificate CommonName (CN) `servername.domainname.com' does NOT match server name!?
    [Fri Aug 13 09:27:00 2010] [error] Unable to configure RSA server private key
    [Fri Aug 13 09:27:00 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
    I am using the same exact key and cert files that were used when the domain was on the other machine. Anyone have any ideas? I will post information if anyone needs to see more, just tell me what.

    Thanks in advance!

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,356
    servername.domainname.com' does NOT match server name!
    So, what CN is in the cert, and what did you use as ServerName in apache conf?
    They need to be the same.
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    Oct 2008
    Location
    Baton Rouge, LA
    Posts
    37
    They do match but in the error log, it is telling me that the CN is something different than it actually is. This has been something causing me problems for quite some time because I've set up many many websites but have NEVER had so many problems. I appreciate the help, but I already checked to cofirm that the SeverName directive had the same name as the RSA CN.

  4. #4
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    If the error log says the CN is different than what you think it actually is, then Apache is not loading the certificate you think it is loading. Does the SSLCertificateFile directive in ssl.conf point to the correct cert file?

  5. #5
    Just Joined!
    Join Date
    Mar 2005
    Location
    Corona, CA
    Posts
    29
    Quote Originally Posted by greyhairweenie View Post
    If the error log says the CN is different than what you think it actually is, then Apache is not loading the certificate you think it is loading. Does the SSLCertificateFile directive in ssl.conf point to the correct cert file?
    Apache isn't lying to you. From it's perspective the servername doesn't match the cert. Verify the cert name, check that you don't have multiple ServerName directives. IIRC, doesn't apache on Ubuntu use site-enabled and site-available directories? You may have the meaning of those mixed up, or you may be setting the servername in one file but it's getting overwritten by another config file that's read afterwards.

  6. #6
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    Quote Originally Posted by neildomo View Post
    you may be setting the servername in one file but it's getting overwritten by another config file that's read afterwards.
    Good point. If you back up ssl.conf in place as e.g. ssl.old.conf, it will read ssl.old.conf last and use that config. It reads in all *.conf files in the folder.

    Whatever the cause, Apache is loading a different cert than you think you've configured.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •