Topic: Apache certificate problem

bagu
Joined: 06 Jan 2011 Posts: 193 Location: France
Posted: Mon 29 Nov '21 23:28 Post subject: Apache certificate problem

Hello,
I am experiencing a rather strange error on one of my server's virtual hosts.
I have a Let's Encrypt certificate that manages all my domains and subdomains.
On https://forum.hyze.fr I have no problem, but on https://mumble.hyze.fr I have two types of errors.
SEC_ERROR_OCSP_TRY_SERVER_LATER on the first one
SEC_ERROR_UNKNOWN_ISSUER on the second one
Note that I only have this problem on Mozilla Firefox.
I checked the OCSP settings, and nothing has changed:
SSLUseStapling on in virtual hosts
SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(512000)" in the Apache configuration file.
Do you know where the problem comes from?
Thanks

Otomatic
Joined: 01 Sep 2011 Posts: 212 Location: Paris, France, EU
Posted: Tue 30 Nov '21 10:05 Post subject: Re: Apache certificate problem

bagu wrote: "Note that I only have this problem on Mozilla Firefox."

Firefox, unlike almost all other browsers, has its own certificate store and doesn't use(?) the Windows stores.
Here is how I proceed, locally, with the sites I use in https:
- Firefox, Settings -> Privacy and security
- Certificates -> View Certificates.
- Store "Authorities" then Import
--- The client or Site certificate(s) with the suffix ".pfx" or ".p12".
It contains the certificate, its intermediary and the private key.
-- Windows, in the Certificate Manager (certmgr.msc), "Personal" store.
-- Firefox, in the "Your Certificates" store.
The password will be requested.

bagu
Joined: 06 Jan 2011 Posts: 193 Location: France
Posted: Tue 30 Nov '21 10:31 Post subject:

Hello Otomatic,
The problem is solved.
I had a problem with port 80 on my Apache.
So OCSP complained and certificate verification failed.
I changed listen 127.0.0.1:80 to listen 80, restarted, and everything works again. (Don't follow bad security tutorials on the internet...)
I didn't see the problem before because I also have listen 443.
Thanks
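
A small configuration audit for the directives discussed in this thread, added here as an example and not code from any poster: it reports Listen directives bound to loopback (the setting changed in the last post), TLS virtual hosts without SSLUseStapling on, and stapling enabled without a server-level SSLStaplingCache. The audit function, the sample configuration and its host names are constructed for illustration; the parser assumes one directive per line and does not follow Include files.

```python
# Constructed sample, not the poster's real configuration; host names are placeholders.
SAMPLE_CONF = """\
Listen 127.0.0.1:80
Listen 443
SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(512000)"
<VirtualHost *:443>
    ServerName a.example.test
    SSLEngine on
    SSLUseStapling on
</VirtualHost>
<VirtualHost *:443>
    ServerName b.example.test
    SSLEngine on
</VirtualHost>
"""

LOOPBACK = ("127.", "[::1]", "localhost")  # address prefixes reachable only locally

def audit(conf_text):
    """Return findings about listener scope and OCSP stapling settings."""
    findings, scopes, scope = [], {"global": {}}, "global"
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        name, arg = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if name == "<virtualhost":
            scope = f"vhost#{len(scopes)}"
            scopes[scope] = {}
        elif name == "</virtualhost>":
            scope = "global"
        elif name == "listen" and arg.lower().startswith(LOOPBACK):
            findings.append(f"loopback-only listener: {arg}")
        else:
            scopes[scope][name] = arg  # remember the last value per directive
    glob = scopes.pop("global")
    for conf in scopes.values():
        host = conf.get("servername", "?")
        stapling = conf.get("sslusestapling", glob.get("sslusestapling", "off"))
        if "sslstaplingcache" in conf:  # mod_ssl: server config context only
            findings.append(f"SSLStaplingCache inside vhost: {host}")
        if conf.get("sslengine", "").lower() != "on":
            continue  # not a TLS vhost, stapling does not apply
        if stapling.lower() != "on":
            findings.append(f"TLS vhost without stapling: {host}")
        elif "sslstaplingcache" not in glob:
            findings.append(f"stapling on but no SSLStaplingCache: {host}")
    return findings
```

Calling audit(SAMPLE_CONF) returns one finding for the loopback listener on port 80 and one for the second virtual host, which has TLS enabled but no stapling.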