Selfsigned SSLCertificate still shows even when it has been replaced with the authority signed one

GeneraWeb 2019-02-08 15:52:51 UTC #1

Keywords: LAMP/MAMP/WAMP - Google Cloud Platform - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 986e517c-038f-1087-5fc9-cbfd6ad5b92f
Description:
I've generated the cert.csr and sent it to the authority and got back the hayfuturo_mx.crt and ca-bundle-client.crt , I've replaced them on /opt/bitnami/apache2/conf folder and edited the bitnami.conf file (on /opt/bitnami/apache2/conf/bitnami folder) with the corresponding files:

SSLCertificateFile "/opt/bitnami/apache2/conf/hayfuturo_mx.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
SSLCertificateChainFile "/opt/bitnami/apache2/conf/ca-bundle-client.crt"

Then restarted the server but when visit the site it still shows a self-signed untrusted certificate .

I've also ran the MD5 hash test on the three files and it matches correctly:
openssl x509 -noout -modulus -in hayfuturo_mx.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5
openssl req -noout -modulus -in cert.csr | openssl md5

michiel 2019-02-11 11:17:44 UTC #2

Our Troubleshooting SSL guide
contains solutions to the most common issues. Could you check it to see if it helps in your case?

GeneraWeb 2019-02-11 18:49:51 UTC #3

Yes, all of them and cannot get the new certificate to be used

michiel 2019-02-12 12:28:58 UTC #4

The use of SSLCertificateChainFile is deprecated. Can you check if commenting out SSLCertificateChainFile solves the issue?

SSLCertificateFile "/opt/bitnami/apache2/conf/hayfuturo_mx.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/server.key"
#SSLCertificateChainFile "/opt/bitnami/apache2/conf/ca-bundle-client.crt"

And then restart apache?

sudo /opt/bitnami/ctlscript.sh restart apache

Please, click on if you think my answer was helpful

GeneraWeb 2019-02-12 16:47:09 UTC #5

Nope, it stills shows the self signed certificate

I have also look for any .crt file on the /opt/bitnami/ folder and subfolders, and I couldn't locate that self-signed certificate file, the only .crt files found are the certificates I've replaced on the apache2/conf/ folder and a curl-ca-bundle.crt on /opt/bitnami/common/openssl/certs

michiel 2019-02-13 10:39:34 UTC #6

A colleague will contact you soon to help you with this issue.

jsalmeron 2019-02-14 08:58:19 UTC #7

Hi,

Indeed, it seems that it shows the self signed-certificate. Could you analyze the content of the provided certificates to check if the data is correct?

openssl x509 -in /opt/bitnami/apache2/conf/hayfuturo_mx.crt -text -noout

Best regards,

Javier J. Salmerón

Was my answer helpful? Click on

GeneraWeb 2019-02-14 19:53:49 UTC #8

I have replaced again the crt file, and now it's working

jsalmeron 2019-02-18 08:19:57 UTC #9

Hi,

Good to know! Please do not hesitate to open a new thread if you find more issues.

Best regards,

Javier J. Salmerón

Was my answer helpful? Click on

jsalmeron 2019-02-18 08:20:01 UTC #10

Bitnami provides free all-in-one installers, virtual machines and cloud images for popular open source applications. Get them now!