Apache httpd conf file configuration mismatch

linux apache-2.2 ssl

I have been facing a weird problem since last 3 days; I have done what was all required for me to do before posting my question here.

My httpd.conf looks like below:

NameVirtualHost *:443
Listen *:443
<VirtualHost server1.example.com:443>
ServerName server1
#ServerName server1.example.com
SSSLEngine on
</VirtualHost>

SSL applied on server1.example.com, however after everything when we go to the website it only works on ServerName server1, not on ServerName server1.example.com. We dont have server1 in any of the configuration and network file.

So when we do this https://server1.example.com/xyz/ --- it works with ServerName server1 but does not work with ServerName server1.example.com.

Where is the problem here; I am not getting it. /etc/hosts, /etc/sysconfig/network, nowhere we have server1; even in the DNS too.

Please suggest.

This is what we get in Error Log:

[Thu Nov 24 11:40:14 2016] [warn] RSA server certificate CommonName (CN) `server1.example.com' does NOT match server name!?
[Thu Nov 24 11:40:14 2016] [notice] Digest: generating secret for digest authentication ...
[Thu Nov 24 11:40:14 2016] [notice] Digest: done
[Thu Nov 24 11:40:14 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:40:14 2016] [warn] RSA server certificate CommonName (CN) `server1.example.com' does NOT match server name!?
[Thu Nov 24 11:40:14 2016] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Thu Nov 24 11:49:47 2016] [notice] caught SIGTERM, shutting down
[Thu Nov 24 11:49:47 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Nov 24 11:49:47 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:49:47 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Nov 24 11:49:47 2016] [warn] RSA server certificate CommonName (CN) `server1' does NOT match server name!?
[Thu Nov 24 11:49:47 2016] [notice] Digest: generating secret for digest authentication ...
[Thu Nov 24 11:49:47 2016] [notice] Digest: done
[Thu Nov 24 11:49:47 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:49:47 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Nov 24 11:49:47 2016] [warn] RSA server certificate CommonName (CN) `server1' does NOT match server name!?
[Thu Nov 24 11:49:47 2016] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Thu Nov 24 11:55:19 2016] [notice] caught SIGTERM, shutting down
[Thu Nov 24 11:55:20 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Nov 24 11:55:20 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:55:20 2016] [warn] RSA server certificate CommonName (CN) `server1.example.com' does NOT match server name!?
[Thu Nov 24 11:55:20 2016] [notice] Digest: generating secret for digest authentication ...
[Thu Nov 24 11:55:20 2016] [notice] Digest: done
[Thu Nov 24 11:55:20 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:55:20 2016] [warn] RSA server certificate CommonName (CN) `server1.example.com' does NOT match server name!?
[Thu Nov 24 11:55:20 2016] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations

Solution 1:

Try 

<VirtualHost *:443>
ServerName server1.example.com
ServerAlias server1
SSLEngine on
</VirtualHost>

You want the wildcard in the VirtualHost statement to turn off IP based vhost mapping. http://httpd.apache.org/docs/2.4/vhosts/name-based.html

Note the fixed line (SSLEngine instead of SSSLEngine).

Solution 2:

ServerName server1.example.com
ServerAlias server1

Solution 3:

Try changing your configuration to this:

NameVirtualHost *:443
Listen *:443
<VirtualHost *:443>
ServerName server1.example.com
ServerAlias server1
SSSLEngine on
</VirtualHost>

I tend to avoid using hostnames in the VirtualHost directive. If DNS or any aspect of the hostname lookup process breaks, either on your server, or on DNS servers your server is pointing to/using, and Apache is unable to determine what server1.example.com resolves to at initial start up, it will not load the virtual host configuration.

Secondly, ServerName is the string presented in error pages (404 not found, 500 internal error etc) and the "primary name" for your website, so I tend to use the fully qualified hostname for ServerName. If I then need the site to be accessed by further names, I add these (one or more) using the ServerAlias directive (you can either have multiple lines of ServerAlias or give more than one name per ServerAlias line).

But since this is SSL, I highly suspect you will find there is a certificate mismatch occurring when accessing via just server1, though this should still work if you ignore browser security warnings.

Related

Sharing NFS datastore between data centers
How to do restore test with limited testing resources?
KVM Live or Near-Live Migration from LVM to filesystem backend
Can I configure AC Power Restored option via iDRAC on a Dell PowerEdge server?
Debian: Get list of installed packages while in rescue mode
Large AWS Regional Data Transfer cost; ELB to blame?
bind dns entries not updating from master to slave
mount.cifs: mount error(112): Host is down
How do I remove internet access from a Google Instance?
why is php-fpm spawning and destroying hundreds of children per second with no server load?
How to add more physical disks to a mirror vdev (to increase redundancy)?
How to determine which process is sending UDP packets once per hour?