Need help with SSL on Apache

Issues related to applications and software problems
User avatar
Forum Moderator
Posts: 28867
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Need help with SSL on Apache

Post by TrevorH » 2020/03/26 00:35:19

The host command only looks at dns which is why I subsequently edited my original post and changed it to ping.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Posts: 19
Joined: 2019/05/18 01:23:19

Re: Need help with SSL on Apache

Post by cheddargeorge » 2020/03/26 02:55:58

Okay, the most relevant log entry I could find was:

Code: Select all

$ sudo cat httpd/ssl_error_log
[Wed Mar 25 23:52:31.445983 2020] [ssl:warn] [pid 44623] AH01909: RSA certificate configured for does NOT include an ID which matches the server name
So, hunted around some more for anything which might help, and came across this: ... entos-5238
(I purchased the certificate from GoDaddy, so I figured this might be useful).

Still, I'm kinda confused with those directions. So, starting from scratch, I re-downloaded the certificate bits from GoDaddy, for Apache, which is a zip file comprising of three files: bb6d0c0348ed0020.crt, bb6d0c0348ed0020.pem, and gd_bundle-g2-g1.crt.

Uploaded the files, and, as per the instructions, put the two crt files into /etc/pki/tls/certs/. Amended the permissions accordingly. Modified the VirtualHost, per below:

Code: Select all

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/bb6d0c0348ed0020.crt
SSLCertificateKeyFile /etc/pki/tls/private/lac.key       <------  ????
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
However, the instructions don't mention anything about SSLCertificateKeyFile, or the .pem file. The "lac.key" which I have there is from when I was trying to get it working previously, having followed other directions.

So, bottom line; I'm guessing most of my issues with this are relating to the certificate; however, the GoDaddy instructions seem a bit incomplete to me, and I'm not sure what I'm meant to do with the .pem file, or what is supposed to go in the SSLCertificateKeyFile entry of the VirtualHost.

Anyway, figured it wouldn't work as-is, but tried it anyway. If anyone is able to provide additional clarification it would be appreciated. Thank you very much.

Post Reply

Return to “CentOS 7 - Software Support”