tags:

views:

62

answers:

2
Q: 

SSL Certificate change in Apache (Could not reliably determine the server's fully qualified domain name)

Hi An SSL certificate expired on one of my servers and I ordered a new one from godaddy. But if i replace the server.crt , the chain certificate and the server.key (the key used to generate the csr file) end up getting the ERROR

Could not reliably determine the server's fully qualified domain name

Note :

  1. I have not made any changes in any configuration files.
  2. I simply replaced the old certificates and key with the new one.I checked the key andcertificate matched.
  3. I am using Apache 2.2 on Windows 2003 server edition. I am restarting the server after the change.
  4. The server starts up fine if I revert back to the old certificates.

What could be the problem,I dont know how SSL certificates could result in this error.

A: 

you have to edit the /etc/apache2/apache2.conf and, at the end of the file, add: 

servername myserver

place your server name in place of myserver.

also check this file:

/etc/hosts

make sure it matches your hostname. also make sure the fully qualified domain name is listed first. i.e.:

127.0.0.1 localhost.localdomain localhost

YoK  2010-07-24 16:28:22
It did not work.I m working on windows and made the change in "C:\Prg Files\system32\drives\etc\hosts"But there is one thing which dont understand is that why the apache starts correctly which the same server setting with the old certificates,but not the new olds.
frictionlesspulley  2010-07-24 20:34:50
Can you please post exact error messages you get?
YoK  2010-07-25 03:15:43
Did you fix problem ?
YoK  2010-07-26 11:45:12
I am getting this error whenever i start the apache service "The Apache service named reported the following error:>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using XXX.XXX.XXX.XXX for ServerName"but when i checked the ipaddress of the machine it was XXX.XXX.XXX.XXY..I dont get the error when I use the old security certificates.Is it possible that in any way the SSL certificates are associated with ip addresses.
frictionlesspulley  2010-07-27 15:21:59
Did you check your hosts file for entry of ipaddress Server is complaining ? Also Certificate should be attached to site name, It should not be attached to ipaddress. This could be problem in your case. You can Check details about certificate using "keytool" utility provided by JDK.
YoK  2010-07-27 16:50:30
@frictionlesspulley did you find some solution to your problem ?
YoK  2010-08-08 14:25:46
opening the certificate shows that the certificate has been issued to the correct domain..No I didnt find the solution.
frictionlesspulley  2010-08-09 17:46:55
A: 

The problem was in the combination of 1. server.crt 2. server.key (the private key used for generating the .csr used in creating the certificate. 3. ca.crt (the chain certificate)

I verified the private key issued using this article http://helpdesk.wisc.edu/middleware/page.php?id=4064 , But I was not using the chain certificate. However the error in Apache was really ambiguous which led to further confusion.

frictionlesspulley  2010-09-27 16:14:12

related questions

How to fix Apache instability ?
Apache Redirect Rule Always fires on every request
Disabling non-secure access for only one URL on one instance of apache
PHP4 for Apache 2.2.9 in Ubuntu server 8.10
What Virtual Host Definitions do I need to support subdomain.mydomain.com and *.mydomain.com on the same IP Address on Apache 2?
What access does Apache 2.0 need in Windows Server 2003 in order to start as a service?
Using Subversion and Apache
How to fix apache2 timestamps, incorrect values
Why is _POST sometimes empty when a textarea is posted in PHP
How to make Apache/mod_python process collect its zombies?
Apache development config on OS X (again)
Windows could not start the Apache2 on Local Computer - problem
Alternative Reverse Proxy Architecture Directions
Can I run LAMP and Rails from the same Apache instance?
Apache configuration help -- Why are different processes "in" different time zones?
Is there any way to determine the amount of time a client spends on a web page
Apache/Rails/Passenger Displaying Site Index?
How can I use post-commit hooks to copy committed files to a web directory from SVN?
Running Apache without explicitly declaring listening on ports such as :3000 or :6600
Apache rate limiting options
Intra-process coordination in mod_perl under the worker MPM
Licensing: Changing Apache License v2 code to GPLv3 licensed code
Django + FCGID on Fedora Core 9 -- what am I missing?
How do I install modperl under OS X Leopard's default Apache 2?
Failures caused by logrotate on Apache 2 with passphrase protected SSL key