You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Kumar Bijayant <bi...@gmail.com> on 2013/03/01 10:03:25 UTC
[users@httpd] [Solved]Re: [users@httpd] Certificate mismatch error
Hi Edward,
The issue is now resolved after importing the correct intermediate certs.
Their test steps were having some issue. Now all works fine.
Thanks for your help.
With Best Regards,
Bijayant Kumar
On Wed, Feb 27, 2013 at 2:23 AM, Edward Quick <ed...@hotmail.com>wrote:
> Ok, I guess your job is to show that apache is set up correctly and the
> fault is on the client side, so try these tests:
>
> Using curl, with your root certificate file (you shouldn't need the
> intermediate one if you set apache up right), run this:
>
> Test 1:
>
> $ curl --cacert ./root.pem https://abc.com
> $ curl --cacert ./root.pem https://xyz.com
>
> If that returns an error, try:
>
> Test 2:
> $ curl -k --cacert ./root.pem https://abc.com
>
> That should work (but disables ssl validation). If it doesn't, try curl -v
> or read the curl man page :-)
>
> If that worked try:
>
> Test 3:
> Concatenate the intermediate cert (pem format) to the end of root.crt, and
> rerun the curl script:
>
> $ curl --cacert ./root_and_intermediate.pem https://abc.com
> $ curl --cacert ./root_and_intemediate.pem https://xyz.com
>
>
>
> ------------------------------
> Date: Tue, 26 Feb 2013 20:49:54 +0530
>
> From: bijayant.mws@gmail.com
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Certificate mismatch error
>
> Just got an update from client that after importing the intermediate cert
> also, the issue is not resolved !!
>
> *ORA-06512: at "SYS.UTL_HTTP", line 1029*
> *ORA-29024: Certificate validation failure (-29273)*
> *
> *
> *Thanks & Regards,*
> *BIjayant Kumar*
>
>
> On Tue, Feb 26, 2013 at 7:49 PM, Kumar Bijayant <bi...@gmail.com>wrote:
>
> The certificate is installed by third party (trust center). I think the
> same and asked them to check and install if it is not there. Just waiting
> for their reply now.
>
> Thanks for your help so far!
>
> Thanks & Regards,
> Bijayant Kumar
>
>
> On Tue, Feb 26, 2013 at 5:47 PM, Edward Quick <ed...@hotmail.com>wrote:
>
> Is your certificate issued by an internal CA or someone like
> Verisign/Komodo etc?
> I wonder if the Oracle DB connecting has the CA root certificate installed
> in their truststore. If they do, check the certificate chain for your site
> to make sure the intermediate is correctly set up.
>
> ------------------------------
> Date: Tue, 26 Feb 2013 14:29:29 +0530
>
> From: bijayant.mws@gmail.com
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Certificate mismatch error
>
> Hi Edward,
>
> I just renewed the server certificate on the Apache webserver. Oracle DB
> is not in our scope, that was the message from client.
>
> Thanks,
> Bijayant Kumar
>
>
> On Mon, Feb 25, 2013 at 7:31 PM, Edward Quick <ed...@hotmail.com>wrote:
>
> Could you clarify, when you say :
>
> The Certificate was installed into a Wallet-Manager of the ORACLE-DB.
> I need this Certificate for a communication between ORACLE-DB to the
> Webserver.
>
> Does that mean you are doing client certificate verification?
>
> Or are you just renewing the server certificate on your web server?
>
> ------------------------------
> Date: Mon, 25 Feb 2013 18:34:21 +0530
> From: bijayant.mws@gmail.com
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Certificate mismatch error
>
>
> Hi Edward,
>
> Yes, the intermediate certs have been set up on the Apache server.
>
> By any chance you know what else information can I ask from client to pin
> point their/DB problem?
>
> Thanks & Regards,
> Bijayant Kumar
>
>
> On Sun, Feb 24, 2013 at 2:16 PM, Edward Quick <ed...@hotmail.com>wrote:
>
> Hi Bijayant,
>
> You don't need another certificate if xyz.com is a subject alternate name
> of the primary certificate abc.com, so your understanding there is
> correct.
> Is the intermediate certificate set up?
>
> Regards,
> Edward.
>
> ------------------------------
> Date: Sun, 24 Feb 2013 12:49:45 +0530
> From: bijayant.mws@gmail.com
> To: users@httpd.apache.org
> Subject: [users@httpd] Certificate mismatch error
>
>
> Hello List,
>
> I have an issue to connect SSL enabled site to Oracle database server. Let
> me explain you with an example here.
>
> My website name is abc.com and it has another name as well say xyz.comand that is listed in additional DNS name field of certificates. Primary
> name is abc.com only.
>
> Now client is saying
>
> The Certificate was installed into a Wallet-Manager of the ORACLE-DB.
> I need this Certificate for a communication between ORACLE-DB to the
> Webserver. When the ORACLE DB communicate with the the Webserve, the
> following error massage was created:
> *ORA-06512: at "SYS.UTL_HTTP", line 1029*
> *ORA-29024: Certificate validation failure (-29273)*
> Now they are asking me to create a new certificate with the name xyz.comonly. But as far as my knowledge goes, this should not create any issue as
> I have used both the name in my certificate and also I am not getting any
> error while browsing the website with either name.
> Please correct me if I am wrong or any other pointer that will be helpful.
>
>
>
> Thanks & Regards,
> Bijayant Kumar
>
>
>
>
>
>
>
>
>