{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Emotional °昔 的问题《Cannot setup SSL keys on my apache server in AWS E》','https://www.manongdao.com/q-739793.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have an EC2 instance on AWS, with Apache server.
I purchased an SSL certificate from Comodo and installed the following files in /etc/pki/tls/private/: server.ca-bundle server.crt server.key
I also added the following lines to /etc/httpd/conf/httpd.conf:
<VirtualHost www.mydomain.com:443>
ServerName www.mydomain.com
DocumentRoot "/var/www/html"
SSLENGINE on
SSLCertificateFile /etc/pki/tls/private/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
SSLCertificateChainFile /etc/pki/tls/private/server.ca-bundle
</VirtualHost>
and restarted the http server.
But when trying to access my site through https://www.mydomain.com there is a certificate error warning (but if I continue through the warning, the site shows well).
I checked with ssltool.com and got: The site tested www.mydomain.com is NOT the same as the Subject CN ip-10-203-65-225! Needless to say, the key file was created with my domain name (CN=www.mydomain.com) and not with the name containing the ip. When I enter "hostname" in the unix shell, I indeed get 'ip-10-203-65-225', which is something that Amazon gave it automatically. But even if I change it (in /etc/sysconfig/network) it is still seen as ip-10-203-65-225.
On the other hand, the same problem is viewed without installing the keys: Even if I remove those lines from httpd.conf, and remove the key files, the browsers warn about a certificate error, as if there is a self-signed certificate and with the same error on ssltool.com. So it seems that it's not that my key files are invalid but rather that the server doesn't use them at all...
I'm totally confused. Please can anybody help?
Your certificate was issued to a Common Name (CN) matching the hostname of your EC2 instance. You need to create a new CSR using the correct hostname and go through the entire process again. When you generate the new CSR, be sure to change the CN rather than accept the default.
For some reasons, none of the pages I visited to seek for the answer mentioned that the above lines should be in
and not in
(and not inside a <virtualHost> section)