General :: Apache With SSL Does Not Load 2nd Certificate
Jun 17, 2010
I am running Apache 2.2.13 with SSL and SNI enabled. This is what the virtual host portions looks like:
<VirtualHost *:443>
ServerAdmin support@itherd.com
DocumentRoot /srv/www/apps/login.itherd.com/
ServerName login.itherd.com
ErrorLog /var/log/apache2/login.itherd.com-error_log
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/login.itherd.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/login.itherd.com.key
<Directory "srv/www/apps/login.itherd.com/">
AllowOverride None Options ExecCGI
AddHandler cgi-script cgi pl
Order allow,deny Allow from all
</Directory> </VirtualHost>
<VirtualHost *:443>
ServerAdmin support@clubherd.com
DocumentRoot /srv/www/apps/app.clubherd.com/
ServerName app.clubherd.com
ErrorLog /var/log/apache2/club.clubherd.com-error_log
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/app.clubherd.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/app.clubherd.com.key
<Directory "srv/www/apps/app.clubherd.com/">
AllowOverride None Options ExecCGI
AddHandler cgi-script cgi pl
Order allow,deny Allow from all
</Directory> </VirtualHost>
When I start Apache it ask me for the pass phrase for the second host (both hosts have one). When I browse to first host it have recognized the loaded its certificate. When I go to the second server I get am untrusted message because it is using the first certificate. I have found and followed the directions of several web posts: [URLs]
View 1 Replies
ADVERTISEMENT
Sep 29, 2009
I used the Center for Internet Security Benchmark for Apache Web Server v2.1 (January 2008) manual.
This is the guidelines I have to follow when installing and configuring Apache...So the problem arises when we get to page:28
Just after running this command: openssl x509 -in url | more
We get this error:unable to load certificate 31352:error:0906D06C:PEM routines:PEM_read_bio:no start lineem_lib.c:650:Expecting: TRUSTED CERTIFICATE
View 2 Replies
View Related
Sep 23, 2010
does anybody have a nice tutorial about creating and installing Apache client certificate (PKCS12) ? I`m looking for some tutorials to CentOS. This what I have found on the internet for some reasons doesnt work. Or maybe somebody could write here how to do it?
View 1 Replies
View Related
Nov 29, 2010
On startup - prompt asking for apache certificate password doesn't accept input. Can switch to another tty but can't restart apache due to the port already being bound (suppose I could change ports for apache config after startup but that's pretty ugly and clearly not the right way to address the problem.
View 5 Replies
View Related
Aug 24, 2011
I'm trying to install an Ubuntu cloud on my home network - I've been following this guide. When I arrived at STEP 6: Install an image from the store PART 3: Click on the Store tab I get the following error message on the page: Error 60: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
View 1 Replies
View Related
Nov 19, 2010
rpm -ivh httpd-2.0.59-1.i386.rpm warning: httpd-2.0.59-1.i386.rpm: Header V3 DSA signature: NOKEY, key ID 751d7f27 error: Failed dependencies:
libapr-0.so.0 is needed by httpd-2.0.59-1.i386
libaprutil-0.so.0 is needed by httpd-2.0.59-1.i386
libcrypto.so.4 is needed by httpd-2.0.59-1.i386
liblber-2.2.so.7 is needed by httpd-2.0.59-1.i386
libldap-2.2.so.7 is needed by httpd-2.0.59-1.i386
libssl.so.4 is needed by httpd-2.0.59-1.i386
[root@ganesh apache]# warning: httpd-2.0.59-1.i386.rpm: Header V3 DSA signature: NOKEY, key ID 751d7f27 -bash: warning:: command not found
View 7 Replies
View Related
Sep 23, 2010
I need to load php module without restart/reload apache, is there a way to do that, php has its option to load zend extension using '-z',
php -z <filename>
is there anyway because I need to load php module in runtime, that I don't want to loose the live running session.
View 1 Replies
View Related
Feb 10, 2010
I have a requirement of using a wildcard certificate for 5 subdomains running under apache httpd server and 1 subdomain under tomcat.Is there any possibility of using the single wildcard certificate both in tomcat and apache
View 3 Replies
View Related
Feb 10, 2011
Any clue? I'm using the same key for root login and it works fine (also works fine for SFTP but i hate using that cause its extremely slow)
View 2 Replies
View Related
Apr 2, 2011
on an old server of mine, as soon as apache is started, the load average that I get to see with 'top', that normally is under 1, now just steadily climbs up and up to easily 150, in fact disabling the webserver from serving any webpage. I've checked netstat, and I'll try to upload the output. The ip's that are in there I've blocked with iptables. But that doesn't help or so it seems. I see nothing weird in the error logs. As soon as I stop apache, the load goes back to normal. As soon as I (re)start it, up it goes again. What can cause this and how do I get rid of it?
p.s. It's an old server, fedora3 or so, and I've got a new one to which I'll transfer the domains, but until that's completely done, I'd like this one to run as it has for years...
View 1 Replies
View Related
Jul 28, 2010
I have a apache cluster with more than 10 nodes, based on ldirector and heartbeat. The problem is that I cannot predict if my nodes will handle the traffic in the next day (hosting a website based on daily campaigns). So I decided to limit the number of active connection on the nodes (from apache), but this is only a temporary solution. I want to create a page that will appear to users that are getting over the limit. Has anyone made this before? Can you tell me how is it possible (I don't want a how to, just a starting point to study)? I think squid can do it, but I don't know how to search for it. To give you an example of what I want, you can see the same thing on deviantart.
View 3 Replies
View Related
Feb 10, 2010
my server and it had a load of 60 so i immediately took down apache and the load went back down to 0 in a few mins and every time i put it back on the cpu usage on both cores immediately goes to 100% and the load goes up to 20 in just 60 seconds until i take apache down again?
View 6 Replies
View Related
Mar 20, 2010
I have apache running on my server, and also Zoneminder, a surveillance system running on the same machine. Both services runs without glitches, and I think apache's config as well as ZM's config are fine. I am not sure I understand how apache (not to mention the whole thing zoneminder, apache, web browser...) works. Pretty hard to manage when you dont know what you are doing. Also, when I try the supposed to work zoneminder webpage in my web browser, I get nothing (a blank page), or sometimes a "Not found" error message. The latest seems to be from apache because it is the same font as the "It works!" message when I try http://localhost:80
The only bit of information I have so far is in the apache error log (/var/log/httpd/error_log) and it says:
Code:
[Sun Mar 21 00:35:14 2010] [error] [client 192.168.0.100] script '/srv/httpd/htdocs/zm.php' not found or unable to stat
[Sun Mar 21 00:46:04 2010] [error] [client 127.0.0.1] File does not exist: /srv/httpd/htdocs/zm
It seems that the "zm.php" is missing.... That would be why Apache cant find the page?
View 14 Replies
View Related
Feb 16, 2010
I already setup the load balancer and two servers behind it with this kind of topology
Code:
_ Server 1
request -> DIRECTOR /
\_
Server 2
[code]....
The problem is when I try to hit the 192.168.1.1, it sometimes give me a HTTP 200 and sometimes it will timed out. I hit it using lynx -dump. It should return "Hello world!" if success. But if we hit it directly to 192.168.1.2:80 and 192.168.1.3:80, it will return HTTP 200 which means no error and no timeout. Since the Server 1 is the same as Server 2 in configuration, are there somethings I missed here?
Another information is that I set the director using round robin algorithm, so everytime a successful hit returned from server 1, the next one is surely heading to Server 2 right? Based on the Apache's access log, I also knew that the timed out occured only when it is the Server 2's turn to handle the request. Aside from the same httpd.conf and the same httpd version are there any things in the system level, kernel level that should be the same between those two servers?
View 1 Replies
View Related
Feb 12, 2009
I installed svn. it works but apache can't load modules
i installed svn using yum :
#yum install subversion mod_dav_svn
View 2 Replies
View Related
Mar 30, 2010
I noticed i have quite a few logs that end with .[number] for example "syslog.1" "mail.info.1" etc, why is this and why are they there since almost nothing is logged in them ??
Question 2: on my server im running a script like imagebam and imageshack with hosts images so i have quite a few apache requests to my server. I am wonder why apache takes up so much CPU for some of the requests? in Htop some requests take up 1.2% CPU while other take up 3-5% etc, so the total load is about 1.50 0.58 0.84 to 2.61 1.08 1.14 with about 128-150 apache requests all the time while sometimes the CPU load can be almost 0 with the same ammount of requests. is this normal? what could cause this in apache ?? the server is just running apache2. MYSQL is running on another server.
View 1 Replies
View Related
Aug 13, 2010
I have 2 servers that are mirrored. They host 3 separate websites. Two of these websites are regular HTTP and the other is HTTPS with Digest authentication as well. The reason there are 2 servers is because one is a primary and the other secondary in case the primary goes down. Recently I decided to upgrade the secondary server then make it the primary server. I have done most of the configuration and the sites using regular HTTP are working perfectly fine. The page using SSL is not. Apache fails to load and here are the errors I am receiving the the error log file:
Code:
[Fri Aug 13 09:27:00 2010] [warn] RSA server certificate CommonName (CN) `newserver.domain.com' does NOT match server name!?
[Fri Aug 13 09:27:00 2010] [error] Unable to configure RSA server private key
[Fri Aug 13 09:27:00 2010] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
For the first warning, I cannot find anywhere that says the CN "newserver.domain.com", only what the CN is in the SSL key. I have no idea where to even start with the other errors.
View 1 Replies
View Related
May 4, 2010
I am at work right now and noticed my blog is down because of a database connection error. phpmyadmin wont load either it says theres an error, and webmin wont load either. So what would cause a mysql to go down? a hack or update? i am running ten.o four ubuntu server.
View 3 Replies
View Related
Apr 16, 2010
I've enabled LDAP authentication on my 2.2.15 Apache server, but now pages load very slowly. As in, 1.515s with it enabled, and 187.4ms without (just the base page, numbers collected via Firebug). Here's my LDAP config (other directives snipped) -
Code:
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LDAPSharedCacheSize 500000
LDAPCacheEntries 2048
LDAPCacheTTL 3600
LDAPOpCacheEntries 2048
LDAPOpCacheTTL 3600 LDAPTrustedGlobalCert CA_DER ssl/ldapserver.der
<Directory "/example">
AuthType Basic
AuthBasicProvider ldap
AuthName "intranet credentials"
AuthLDAPURL "ldaps://ldap.example.com/ou=ldap,o=example.com?mail"
Require ldap-group cn=example,grp,ou=memberlist,ou=groups,o=example.com
How can I speed this up, or at least determine why it's so slow?
View 2 Replies
View Related
Jan 5, 2011
Simple task: I'd like to use uzbl, but I need to visit a couple of sites with client certificates. Chrome uses my local cert storage, I suppose uzbl can do that too. But how?
View 1 Replies
View Related
Jul 13, 2010
I am using the curl version 7.21.0. When I try the curl command from command like, things works fine for the http sites. But when I try https I get certificate error. I have source compiled curl with latest OpenSSL. I have also tried downloading the latest certificate bundle. With the same version of curl, same version of openssl with same certificate file I can get it work on the linux. But in the QNX OS I get this error.
./curl --cacert /mnt/temp/curl-ca-bundle.crt -v https://www.paypal.com
* About to connect() to proxy 172.16.2.17 port 8080 (#0)
* Trying 172.16.2.17... connected
[code]...
View 1 Replies
View Related
Mar 10, 2010
I have two Web server (RHEL 5.3) as cluster. i want to get a certificate for website. do i need to get two certificates for a website?
View 2 Replies
View Related
Dec 15, 2010
I am getting below message daily in RHEL 5.5 for certificate renewal. Can someone help the way of renewaling this
######################################################
On Wed, 15 Dec 2010 13:11:04 +0800, Root <root@miniserver.net> wrote:
> ################# SSL Certificate Warning ################
[code]....
View 11 Replies
View Related
Jul 7, 2011
I am testing about using SSL Certificate in apache web server using Ubantu 10.04.2 (64 bit edition). And I insert SSLcertificate and private.key file into "default-ssl" file in "sites-available" folder. But when I call the website, SSL certificate show "Could not verify this certificate for unknown reason".
Configuration in "default-ssl" is shown below
SSLCertificateFile /etc/apache2/ssl/mysite_com.cer
SSLCertificateKeyFile /etc/apache2/ssl/privatekey.key
SSLCACertificateFile /etc/apache2/ssl/SCAONE.cer
SSLCACertificateFile /etc/apache2/ssl/ROOTCA.cer
View 6 Replies
View Related
Dec 8, 2010
How I can create and install a formal SSL certificate for Fedora issued by Geocerts or Verisign?
View 1 Replies
View Related
Aug 19, 2010
I am trying to create a certificate case user logon via ssh. On the server I have openSSH and a few users. I want to be able to assign a user a certificate to connect remotely via SSH.
View 1 Replies
View Related
Apr 18, 2011
I started to prepare myself to RHCSA certificate from RedHat. In order to get this cert I have to pass exam EX200.THe best way to prepare would be to take part in courses RH124 and RH135 but I don't have cash for this and that's why I decided to prepare by myself.I downloaded ebook and have some experience in linux administration :McGraw.Hill.RHCE.Red.Hat.Certified.Engineer.Linux.Study.Guide.Exam.RH302.5th.Edition.Jun.2007Do you think that's enough to pass this EX200 exam ?Maybe someone have torrents to RH124 and RH135 courses ?
View 8 Replies
View Related
Jun 25, 2010
I have a problem related with certificate generation. I had successfully installed openssl. After that I do these.
[root@localhost openssl-1.0.0a]# cd /usr/local/ssl/misc
[root@localhost misc]# ./CA.sh -newca
CA certificate filename (or enter to create)
Making CA certificate ...
Generating a 1024 bit RSA private key
.........++++++
..........++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:KERALA
Locality Name (eg, city) [Newbury]:KOCHI
Organization Name (eg, company) [My Company Ltd]:squad
Organizational Unit Name (eg, section) []:SUPPORT
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:jk.r@squadinfotech.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:mahhghh
An optional company name []:mca
Using configuration from /etc/pki/tls/openssl.cnf
Enter pass phrase for ./demoCA/private/./cakey.pem:
I am unable to access the ../../CA/newcerts directory
../../CA/newcerts: No such file or directory
Distro:Centos 5.3 kernel 2.6.18
View 1 Replies
View Related
May 16, 2009
I am using following software on my web server:
RedHat 2.6.18-92.1.10.el5
Apache/2.2.3
Coldfusion 8
My webserver accesses a backend mySQL server using CentOS5
The last week, I have been getting a "page Load Error" on my web server whilst others told me they are getting a "broken link" error when they try to access my web site. It has been working fine for the last 12 months until last week.
ADSL, modem and router okay according to service provider (verizon)
I can ping my IP address and my domain name.
# netstat -tap
shows http and https both processes running.
# service httpd restart
no issues
I shut down firewall and tried again, but got the same "page load error".
View 3 Replies
View Related
Jul 7, 2010
We need to setup a load balancer (software) for an apache web service in order to balance the load between two servers.
In explenation:
- two physical servers exist that runs a web based application (exact copy of each other)
- Real servers using Apache as the web server.
- Users need to connect to a "virtual link" whihc will then load balance across the two servers based on the host that is the least busy.
Currently using Ultramonkey, however after upgrading to RHEL5.4 , Ultramonkey is no longer supported and installations fail.
Can anyone perhaps provide me with some ideas on alternative options for this keeping in mind that the client will have to be able to manage this afterwards as well.
View 2 Replies
View Related
