SSL Certificate with error

September 5, 2014 45.2k views
capone
By:
capone

Hi People.

We got certificate from Geotrust and try to install in server ubuntu - apache2 - openssl but show to us everytime same error:
AH01909: RSA certificate configured for www.xxx.com:443 does NOT include an ID which matches the server name

The conf apache file is correct same instructions:

<VirtualHost xxx.com:443>
  ServerAdmin webmaster@xxx.com
  DocumentRoot "/var/www/xxx/htdocs"
  ServerName xxx.com
  DirectoryIndex index.html index.php
  ErrorLog /var/www/xxx/log/ssl_error.log
  TransferLog /var/www/xxx/log/ssl_access.log
  SSLEngine On
  SSLProtocol all

  ServerPath "/var/www/lenharomegastore/htdocs"


  SSLCertificateFile /var/www/xxx/ssl2/xxx.crt
  SSLCertificateKeyFile /var/www/xxx/ssl2/xxx.key
  SSLCertificateChainFile /var/www/xxx/ssl2/positive_bundle.crt
  SSLCACertificateFile /var/www/lenharomegastore/ssl2/positive_bundle.crt

  <Directory "/var/www/XXX/htdocs">
     AllowOverride All
     Options Indexes Includes FollowSymLinks
     Order allow,deny
     Allow from all
  </Directory>
</VirtualHost>

We already verified if certificate is perfect with command

openssl x509 -in lenharomegastore.crt -noout -subject

and show to us

subject= /OU=Domain Control Validated/OU=PositiveSSL/CN=xxx.com

Thanks a lot friends

1 comment
Log In to Comment
25 Answers
stabidlo September 6, 2014

add the following to virtualhost configuration

ServerAlias www.xxx.com
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www(.)$
RewriteRule ^(.)$ https://xxx.com [R=301,L]

Reply
TonyTsang September 5, 2014

If the common name is xxx.com, then you can only use that cert on xxx.com but not www.xxx.com.

You may contact Geotrust to see if they can revoke the current cert and reissue a new cert with CN www.xxx.com. Otherwise you may have to buy another cert only for www.xxx.com.

Most cert authorities will include the root domain as an alias, so you don't have to buy cert specifically for the root domain.

Reply
capone September 7, 2014

Hi Tony and Stabidlo.

Thanks a lot for the informations.

Tony:
The Certificate is correct only with xxx.com not www.xxx.com

stabidlo
We try to adjust apache adding this configuration but same error show in apache´s log:

[Sun Sep 07 00:24:13.977344 2014] [ssl:warn] [pid 22537] AH01909: RSA certificate configured for www.xxx.com:443 does NOT include an ID which matches the server name

I already tried to adjust a lot of ways but not work, the certificate is perfect, and I already verifiy all configuration in the apache, this is a crazy.

Thanks friends

Reply
  • stabidlo September 7, 2014

    Just out of curiosity, try this in /etc/apache2/ (or whatever the root config dir in ubuntu is)

    grep -r -i www.xxx.com *

    It would be nice to see if this domain name is configured anywhere in apache configuration
    It's just annoying warning, should not have an impact on functionality, anyway it would be good to understand where it is coming from :-)

  • capone September 8, 2014

    Hi Friends.

    With command :

    grep -r -i www.xxx.com *

    The Results:

    sites-available/www.xxx.com.conf:        ServerAlias www.xxx.com xxx
sites-available/www.xxx.com.conf:#  ServerAlias www.xxx.com

    Thanks

  • stabidlo September 8, 2014

    What happens when you change the ServerName to www.xxx.com?

jasonp September 29, 2014

openssl x509 -in lenharomegastore.crt -noout -subject
subject= /OU=Domain Control Validated/OU=PositiveSSL/CN=xxx.com

Check given command, it seems that the SSL is issued by comodo.

As your said in your question,you purchased SSL certificate from GeoTrust. Please check you have configured new GeoTrust SSL certificate.

“does NOT include an ID which matches the server name”

at first impression, the reason behind this error is due to your domain name in SSL certificate does not match your real domain name. You should make sure that the common name and SAN domain names, both should match your primary domain name.

If you can not resolve the issue with given tips, you can contact our chat support @ ssl2buy.com. Ask for this discussion reference; so that they can provide you free support. SSL certificate is purchased from us or elsewhere, does not matter. We’ll provide you free cost installation and technical support.

Reply
ns903816 April 3, 2017
[deleted]
Reply
saliniverma116 June 2, 2017
[deleted]
Reply
minakshijangid July 11, 2017

Nice Post, Good Info, thanks for sharing

REET Application Form

Reply
minakshijangid July 11, 2017
Reply
awerkumar1234 August 2, 2017
[deleted]
Reply
tarunbishnoihsr November 6, 2017

very nice information you share with us. thanks for this
watery cervical mucus

Reply
komali19sharma March 11, 2018
Reply
komali19sharma March 11, 2018
Reply
komali19sharma March 11, 2018
Reply
tarunbishnoihsr March 19, 2018

What is the process of certification. I also want to get ssl certification. please tell me the process.
acne

Reply
tarunbishnoihsr March 27, 2018
Reply
tarunbishnoihsr March 29, 2018
Reply
coolinternet123 April 20, 2018
[deleted]
Reply
josh92 May 2, 2018

I am also Facing this Issue in one of my Blog based on RRB Ajmer Group D Admit Card

Reply
singhsolutions May 7, 2018

I was facing the same SSL issue with one of my client's website based in Delhi

Reply
tarunbishnoihsr May 9, 2018

can some one help to resolve the same issue.
Lyricsism

Reply
ramnivash21 May 12, 2018

check my website MP Board Time Table

Reply
rituranicf12345 June 6, 2018

Thanks For Sharing The Info With Us..Keep Up The Good Work.
SSC CHSL NOTIFICATION

Reply
tarunbishnoihsr June 13, 2018

i am looking for the same. thanks
New Punjabi Songs 2018

Reply
sachinogeninfo June 27, 2018

Wow nice share with me
lyrics with music

Reply
minionrussh July 10, 2018

Great ideas, i love your article. It gives me more ideas on home to organize my room with my shoes and stuff for my children.Keep up the good work

Reply
Have another answer? Share your knowledge.