0 votes
1 view
in AWS by (19.2k points)

I'm having a hard time trying to set up an SSL certificate (it's a Comodo PositiveSSL from NameCheap) on my EC2 micro instance (I'm using Amazon Linux AMI 2012.3, which is based on CentOS if I'm not mistaken).

Here's what I did:

  • I installed mod_ssl & OpenSSL
  • I enabled port 443 on my EC2's instance security group
  • I CHMODed the *.key & *.crt files to 777 as Comodo suggested
  • I'm certain the IP address & files path is correct (put a bunch of 0s in the example but it is correct in my ssl.conf)
  • I added this VirtualHost entry to ssl.conf

<VirtualHost 00.000.000.00:443>

####### I tried both with & without this section ########

   ServerName www.mydomain.com:443

   ServerAlias www.mydomain.com

   DocumentRoot /var/www

   ServerAdmin [email protected]

   ######################################################

   SSLEngine on

   SSLCertificateKeyFile /etc/ssl/mydomain_com.key

   SSLCertificateFile /etc/ssl/mydomain_com.crt

   SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle

</VirtualHost>

Then I restarted apache...but I still cannot access https://www.mydomain.com/ !!!

I checked with ssltool.com, it says

The Common Name on the certificate is: ip-00-00-00-000

The certificate chain consists of:

SomeOrganization, ip-00-00-00-000. Expires on: Apr 10 13:39:41 2013 GMT - that's 363 days from today.

The site tested mydomain.com is NOT the same as the Subject CN ip-00-00-00-000!.

I even went & copied the virtual host to httpd.conf instead of ssl.conf & restarted apache, all in vain.

I've been banging my head against the wall for days now. I'm pretty sure I'm missing a tiny something to make this work, I just don't know what exactly.

1 Answer

0 votes
by (44.6k points)

So, this section below

<VirtualHost _default_:443>

Can stop your real SSL certificate from being used. So, you can either comment it or put your SSL certificates inside it.

<VirtualHost _default_:443>

  SSLCertificateKeyFile /etc/ssl/mydomain_com.key

  SSLCertificateFile /etc/ssl/mydomain_com.crt

  SSLCertificateChainFile /etc/ssl/mydomain_com.ca-bundle

</VirtualHost>

After that, restart your Apache server

Welcome to Intellipaat Community. Get your technical queries answered by top developers !


Categories

...