And what happens if you use:

/manage.py runmodwsgi --https-only --https-port 8443 --server-name my_server_name.com --ssl-certificate-key-file /apps/django_app/keystore/host_name.key --ssl-certificate-file /apps/django_app/keystore/server_name.crt

The --host argument shouldn't be necessary as it would listen on all host interfaces anyway.

If you still get the warning:

> RSA certificate configured for ?.?.?.?:8443 does NOT include an ID which
> matches the server name

it would suggest the certificate you were given is not for the host "my_server_name.com" that you are giving as argument to --server-name.

> On 22 Nov 2021, at 4:34 pm, Shetu <shetu...@gmail.com> wrote:
>
> Hi Graham,
>
> I extracted the private key into .key file. The application is running on
> www.server_name.com:8443. I added --host
> parameter also to the mod_wsgi startup command to see whether it runs or not
> on https port if I use IP address of the server instead of server_name in the
> url but it does not work. I am getting this warning in the logs:-
>
> [Mon Nov 22 05:16:19 2021] [ip AH01909: RSA certificate configured for
> 0.0.0.0:8443 does NOT include an ID which matches the server name
> [Mon Nov 22 05:16:19 2021] [ip AH02292: Init: Name-based SSL virtual hosts
> only work for clients with TLS server name indication support (RFC 4366)
> [Mon Nov 22 05:16:19 2021] [ip AH01873: Init: Session Cache is not configured
> [hint: SSLSessionCache]
> [Mon Nov 22 05:16:19 2021] [ip AH01909: RSA certificate configured for
> 0.0.0.0:8443 does NOT include an ID which matches the server name
> [Mon Nov 22 05:16:19 2021] [ip AH02292: Init: Name-based SSL virtual hosts
> only work for clients with TLS server name indication support (RFC 4366)
> [Mon Nov 22 05:16:19 2021] [ip AH00489: Apache/2.4.46 (Unix) mod_wsgi/4.7.1
> Python/3.6 OpenSSL/1.0.2k-fips configured -- resuming normal operations
>
> Here is the mod_wsgi startup command:-
>
> /manage.py runmodwsgi --https-only --https-port 8443 --host 0.0.0.0
> --server-name my_server_name.com
> --ssl-certificate-key-file /apps/django_app/keystore/host_name.key
> --ssl-certificate-file
> /apps/django_app/keystore/server_name.crt
>
> Will this configuration work if I assign a DNS to this host or do I need to
> add some more configuration here since it does not work with ip address? Also
> if I remove --server-name from the command and just keep --host, it does not
> work.
>
> Regards,
> Shetu
>
>
> On Friday, November 19, 2021 at 12:59:09 PM UTC+5:30 Graham Dumpleton wrote:
> It is not uncommon to have files in a different format to what is required
> and you need to convert and even possibly extract out just the private key
> from a file which contains multiple things. You are going to need to look at
> docs for your certificate authority to understand what is the private key or
> how to extract/convert it to what Apache wants from what you have been given.
>
> You want the file necessary for SSLCertificateKeyFile directive in Apache.
>
> https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslcertificatekeyfile
>
> Graham
>
>
>> On 19 Nov 2021, at 6:16 pm, Shetu <shet...@gmail.com> wrote:
>>
>> I have the following set of keys and certificates which I got from the
>> certificate authority:-
>>
>> host_name.csr
>> server_name.crt
>> Intermediate-CA.pem
>> ROOT-CA.pem
>> host_name.keystore.original
>> host_name.keystore
>>
>> I have set the key file as the .pem file but still getting this error:-
>>
>> [Fri Nov 19 07:10:33 2021] [ip AH02203: Init: Private key not found
>> [Fri Nov 19 07:10:33 2021] [ip SSL Library Error: error:0D0680A8:asn1
>> encoding routines:ASN1_CHECK_TLEN:wrong tag
>> [Fri Nov 19 07:10:33 2021] [ip SSL Library Error: error:0D08303A:asn1
>> encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
>> [Fri Nov 19 07:10:33 2021] [ip SSL Library Error: error:0D0680A8:asn1
>> encoding routines:ASN1_CHECK_TLEN:wrong tag
>> [Fri Nov 19 07:10:33 2021] [ip SSL Library Error: error:0D07803A:asn1
>> encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error (Type=RSA)
>> [Fri Nov 19 07:10:33 2021] [ip SSL Library Error: error:04093004:rsa
>> routines:OLD_RSA_PRIV_DECODE:RSA lib
>> [Fri Nov 19 07:10:33 2021] [ip SSL Library Error: error:0D0680A8:asn1
>> encoding routines:ASN1_CHECK_TLEN:wrong tag
>> [Fri Nov 19 07:10:33 2021] [ip SSL Library Error: error:0D07803A:asn1
>> encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
>> (Type=PKCS8_PRIV_KEY_INFO)
>> [Fri Nov 19 07:10:33.592064 2021] [ssl:emerg] [pid 18369:tid
>> 140598354167616] AH02312: Fatal error initialising mod_ssl, exiting.
>>
>>
>> On Friday, November 19, 2021 at 12:38:14 PM UTC+5:30 Graham Dumpleton wrote:
>> Are you sure you are using the correct file for the private key? I have
>> never seen a convention of the private key file having a '.keystore'
>> extension. Would usually be a .pem file extension.
>>
>> Graham
>>
>>
>>> On 19 Nov 2021, at 6:05 pm, Shetu <shet...@gmail.com> wrote:
>>>
>>> Getting these errors :-
>>> [Fri Nov 19 06:57:36 2021] [ip AH02203: Init: Private key not found
>>> [Fri Nov 19 06:57:36 2021] [ip SSL Library Error: error:0D07207B:asn1
>>> encoding routines:ASN1_get_object:header too long
>>> [Fri Nov 19 06:57:36.717374 2021] [ssl:emerg] [pid 12557:tid
>>> 139779757414208] AH02312: Fatal error initialising mod_ssl, exiting.
>>>
>>>
>>> I have also added the server name in the command
>>>
>>> On Friday, November 19, 2021 at 12:10:21 PM UTC+5:30 Graham Dumpleton wrote:
>>> What are the error messages you are getting and where?
>>>
>>> Also be aware you must supply the --server-name option with the hostname of
>>> the site which matches what you set in the certificate.
>>>
>>>
>>>> On 19 Nov 2021, at 5:36 pm, Shetu <shet...@gmail.com> wrote:
>>>>
>>>> Hi Graham,
>>>>
>>>> I am using modwsgi express to run my Django application on mod_wsgi Apache
>>>> server.
>>>> I am not able to start my server on https port although it works
>>>> on http port.
>>>>
>>>> This is the command I used to start the server (mentioned only https and
>>>> ssl parameters)
>>>>
>>>> ./manage.py runmodwsgi --https-only --https-port 8443
>>>> --ssl-certificate-key-file /apps/django_app/keystore/server_name.keystore
>>>> --ssl-certificate-file /apps/django_app/keystore/server_name.crt
>>>>
>>>> Please let me know where I may be going wrong.
>>>>
>>>> Regards,
>>>> Shetu
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google Groups
>>>> "modwsgi" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send an
>>>> email to modwsgi+u...@googlegroups.com.
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/modwsgi/e7ccbe41-a58f-44db-852a-fd1e618a99bfn%40googlegroups.com
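
The two failures in this thread, a key file that mod_ssl cannot parse ("Private key not found") and a certificate that does not match --server-name (AH01909), can both be checked before the server is started. The script below is an added example, not part of the original messages or of mod_wsgi: the helper names are hypothetical, it assumes the openssl command-line tool is installed, and it runs against a throwaway self-signed certificate constructed on the spot.

```bash
#!/usr/bin/env bash
# Pre-flight check for the files given to --ssl-certificate-key-file and
# --ssl-certificate-file, and the name given to --server-name.
# preflight, make_sample and report are hypothetical helper names.

# Status: 0 all checks pass, 1 key file holds no readable private key,
# 2 key does not belong to the certificate, 3 certificate lacks the name.
preflight() {
    local key="$1" crt="$2" name="$3" key_pub crt_pub
    # 1. The key file must parse as a private key without a passphrase
    #    prompt. A keystore or a certificate passed in its place fails here.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    # 2. The key's public half must equal the certificate's public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ] || return 2
    # 3. The certificate's names must cover the --server-name value.
    openssl x509 -in "$crt" -noout -checkhost "$name" 2>/dev/null |
        grep -q 'does match' || return 3
    return 0
}

# Constructed sample input: a throwaway self-signed certificate and key for
# common name $2, written to directory $1 under the file names in the thread.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/host_name.key" -out "$1/server_name.crt" 2>/dev/null
}

report() {
    local rc=0
    preflight "$1" "$2" "$3" || rc=$?
    echo "key=${1##*/} server-name=$3 -> status $rc"
}

tmp=$(mktemp -d)
make_sample "$tmp" my_server_name.com
report "$tmp/host_name.key" "$tmp/server_name.crt" my_server_name.com
report "$tmp/host_name.key" "$tmp/server_name.crt" www.server_name.com
report "$tmp/server_name.crt" "$tmp/server_name.crt" my_server_name.com
rm -rf "$tmp"
```

The third call passes a certificate where the key is expected, which is the kind of mix-up that produces the ASN.1 "wrong tag" errors quoted above.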