Re: [users@httpd] New install of Apache not accepting client certs
D'Arcy J.M. Cain wrote: I just upgraded my Apache from 2.4.7 to 2.4.9 and now my clients' cert give me a server certificate does NOT include an ID which matches the server name error and it serves the system cert instead which fails because it doesn't match the domain. Here is an example (sanitized) entry in my httpd.conf. Any ideas? I am reverting to 2.4.7 in the meantime. VirtualHost 256.256.256.256:443 ServerName wwws.example.com DocumentRoot /u/WEB/user ServerAdmin webmas...@vex.net SuexecUserGroup user user Include /VEX/templates/www/httpd-ssl.conf SSLCertificateFile /VEX/certs/wwws.example.com.cert SSLCertificateKeyFile /etc/certs/wwws.example.com.key /VirtualHost -- /VEX/templates/www/httpd-ssl.conf contains this: SSLEngine on Files ~ \.(cgi|shtml|phtml|php3?)$ SSLOptions +StdEnvVars /Files SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 Running your site through this tool might help... https://www.ssllabs.com/ssltest/index.html And... Make sure your host still points to the exact same IP address. Likely many of the SSL certificate checkers will help. Just google... ssl certificate checker - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] New install of Apache not accepting client certs
I just upgraded my Apache from 2.4.7 to 2.4.9 and now my clients' cert give me a server certificate does NOT include an ID which matches the server name error and it serves the system cert instead which fails because it doesn't match the domain. Here is an example (sanitized) entry in my httpd.conf. Any ideas? I am reverting to 2.4.7 in the meantime. VirtualHost 256.256.256.256:443 ServerName wwws.example.com DocumentRoot /u/WEB/user ServerAdmin webmas...@vex.net SuexecUserGroup user user Include /VEX/templates/www/httpd-ssl.conf SSLCertificateFile /VEX/certs/wwws.example.com.cert SSLCertificateKeyFile /etc/certs/wwws.example.com.key /VirtualHost -- /VEX/templates/www/httpd-ssl.conf contains this: SSLEngine on Files ~ \.(cgi|shtml|phtml|php3?)$ SSLOptions +StdEnvVars /Files SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 -- D'Arcy J.M. Cain System Administrator, Vex.Net http://www.Vex.Net/ IM:da...@vex.net VoIP: sip:da...@vex.net - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
