Can't make httpd use correct SSL
Solution 1:
SSLCACertificateFile /var/cosign/certs/CA/publickey.pem
Unless that PEM file actually contains the CA certificate for the client certificates you wish to grant access, this is incorrect; to provide apache with a certificate chain, use SSLCertificateChainFile instead.
Apache must have the actual certificate and any intermediate certificates used to sign/produce the endpoint certificate, up to and including a root certificate that is trusted by browsers.
To verify the certificate they gave you, run:
openssl verify -CApath /path/to/CA/certs -purpose sslserver -verbose /your/certificate
Quite apart from the certificate issues, you're missing an SSLRequireSSL directive in your vhost; without it, apache will not check for a secure connection.
You should also not use _default_ as the virtualhost, and you're missing a ServerName.
Use either *:443 or IP:443 as the virtualhost.
Every vhost must have a valid ServerName set, and in addition, an SSL vhost must have a ServerName that corresponds to the certificate's CN.
For example:
<VirtualHost 1.2.3.4:443>
ServerName your.certificates.common.name
ServerAlias any.subject.alternate.names
DocumentRoot /your/protected/content
SSLEngine On
SSLCertificateChainFile /path/to/your/issuers/CA/cert/bundle
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyfile /path/to/your/private.key
-OR-
SSLCertificateFile /path/to/your/combined.cert-and-keyfile
SSLRequireSSL
</VirtualHost>
Study the documentation for a bit.
Solution 2:
Run
# Debian/Ubuntu
apache2ctl -S
# RHEL/CentOS
httpd -S
It should produce something like this:
*:443 is a NameVirtualHost
default server hostname (/etc/apache2/sites-enabled/000-default:1)
port 443 namevhost hostname (/etc/apache2/sites-enabled/000-default:1)
Verify that you run the openssl command with the correct hostname to access your vhost, I'm assuming you have multiple vhosts for port 443 and the one that was defined in your distro's default setup takes precedence.