Wildcard SSL certificate in Apache 2.2 and Ubuntu 13.04


0

I am trying to install a Wildcard SSL certificate on an Ubuntu 13.04 server with Apache 2.2, with 3 Virtualhosts:

sites-enabled: 000-default intranet.dominio.com forum.dominio.com

sites-available: default default-ssl intranet.dominio.com forum.dominio.com

I put 3 certificates in the /etc/apache2/ssl folder: my certificate with the .crt extension, my private key with the .key extension, and the CA certificate, also with the .crt extension.

ports.conf file:

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>

The intranet.dominio.com file in the sites-available folder:

I changed the intranet.com file.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost:    
    DocumentRoot /var/www/intranet
    ServerName intranet.dominio.com
    ServerAlias intranet.dominio.com
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /var/www/intranet/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn    
    CustomLog ${APACHE_LOG_DIR}/access.log combined    
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@localhost:    
    DocumentRoot /var/www/intranet
    ServerName intranet.dominio.com
    ServerAlias intranet.dominio.com
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /var/www/intranet/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/certificado.crt
    SSLCertificateKeyFile /etc/apache2/ssl/pvd_cert.key
    SSLCACertificateFile    /etc/apache2/ssl/alpha.crt

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn    
    CustomLog ${APACHE_LOG_DIR}/access.log combined    
</VirtualHost>

When I change the file by adding the VirtualHost *:443 block and restart Apache, it gives an error and no site works. It only works if the VirtualHost *:443 block is removed.

I don't know if it's a wrong configuration or if I exported my certificate incorrectly.

  • And what error is shown when starting Apache?

  • It displayed the message: [warn] NameVirtualHost *:443 has no VirtualHosts. Apache did not start, but I found the error.

1 answer

0

When configuring the VirtualHost, in some versions of Apache, you should use the SSLCACertificateChainFile directive instead of SSLCACertificateFile. After this change Apache started and the certificate was functional.

Correct configuration:

<VirtualHost *:443>
   ...
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/certificado.crt
    SSLCertificateKeyFile /etc/apache2/ssl/pvd_cert.key
    SSLCACertificateChainFile    /etc/apache2/ssl/alpha.crt
    ...
</VirtualHost>

https://knowledge.digicert.com/solution/SO15169.html
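
The asker's doubt about whether the certificate was exported incorrectly can be settled before Apache is restarted. The following is an added example, not part of the original question or answer: a POSIX shell pre-flight built on the openssl CLI. The function names are hypothetical, the paths in the usage comment are the ones from the question, and OpenSSL 1.0.2 or later is assumed (for -partial_chain and -checkhost).

```shell
#!/bin/sh
# Added example: pre-flight checks for the files a *:443 VirtualHost loads.
# Function names are hypothetical; needs the openssl CLI, 1.0.2 or later.

# The key belongs to the certificate only if both yield the same public key.
# Empty output (unreadable file, passphrase-protected key) counts as failure.
key_matches_cert() {    # key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# The certificate must verify against the CA file; -partial_chain lets an
# intermediate certificate in that file act as the trust anchor.
issued_by() {           # issued_by CERT CAFILE
    openssl verify -partial_chain -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# A wildcard covers exactly one label: *.dominio.com matches
# intranet.dominio.com but not dominio.com itself.
covers_host() {         # covers_host CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Run all three checks and report every failure, not just the first.
preflight() {           # preflight CERT KEY CAFILE HOST...
    cert=$1; key=$2; ca=$3; shift 3; rc=0
    key_matches_cert "$cert" "$key" || { echo "FAIL: $key does not match $cert"; rc=1; }
    issued_by "$cert" "$ca" || { echo "FAIL: $cert not issued by a CA in $ca"; rc=1; }
    for host in "$@"; do
        covers_host "$cert" "$host" || { echo "FAIL: $cert does not cover $host"; rc=1; }
    done
    return "$rc"
}

# Example with the question's paths:
#   sh preflight.sh /etc/apache2/ssl/certificado.crt /etc/apache2/ssl/pvd_cert.key \
#       /etc/apache2/ssl/alpha.crt intranet.dominio.com forum.dominio.com
if [ "$#" -ge 4 ]; then preflight "$@"; fi
```

In the Apache 2.2 mod_ssl documentation the directive that loads the intermediate chain is spelled `SSLCertificateChainFile`; running `apache2ctl configtest` reports an unknown directive name before a restart takes the sites down.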
