Your connection is not private

soksal · January 17, 2017, 7:39am

Hello everyone,

I am using centos6 and I already had certificate for some domains on my server and it is working well. Now I am trying use new domain on the same server. I also got new certificate for new domain and then I configure d that new certificate in Apache2 as my old configuration pattern, but the browser response as below error:

=============== Chrome Error ==========================
Your connection is not private

Attackers might be trying to steal your information from myNewdomain.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

This server could not prove that it is myNewdomain.com; its security certificate is from myOlddomain.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

====================================================

I would like to ask how can i fix this bug?
Thanks you

serverco · January 17, 2017, 8:17am

Did you reload apache after changing the configuration to point to the new certificate ?

From the error, it looks as if it’s still using the old cert - hence the problem is either the configuration is still pointing to the old cert, or you haven’t reloaded the config.

soksal · January 17, 2017, 9:40am

@serverco

Yes I did, After changing the configuration I already restart apache, but it still using old cert.

Noted: I have use two cert in apache configuration file(httpd-ssl.conf). The old one is working well, but the second one doesn’t working.
==============httpd-ssl.conf================
Listen 443
NameVirtualHost *:443
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
SSLHonorCipherOrder on

+domain1.com
ServerName domain1.com
SSLEngine on
SSLCertificateFile /home/web/cert/all/domain.crt
SSLCertificateKeyFile /home/web/cert/all/domain.key
SSLCertificateChainFile /home/web/cert/all/intermediate.pem

+domain2.com
ServerName domain2.com
SSLEngine on
SSLCertificateFile /home/web/cert/emp/domain.crt
SSLCertificateKeyFile /home/web/cert/emp/domain.key
SSLCertificateChainFile /home/web/cert/emp/intermediate.pem

=================================================

Can I use two cert on one server? If it is ok:

What is my mistake?

Best regards

Osiris · January 17, 2017, 9:18pm

Please put the config within the “code markup” (select the text and click on the “</>” logo). I am missing a lot of directives like <VirtualHost> et cetera.

jsha · January 18, 2017, 1:13am

Also, it will be much easier to solve your problem if you post your real domain names, so people can check their configuration.

Thanks,
Jacob

system · February 17, 2017, 1:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.