2Answers
  • 12
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Installing SSL on Amazon ec2

I'm moving my hosting from justhost.com (horrible) to the amazon cloud as it's cheaper, faster, and far more flexible.

My conundrum is that I will need SSL installed in the Amazon cloud. Note - I already purchased an SSL cert from justhost.com (actually through geocerts.com) and have the private key, domain cert and trust cert in my hand.

I have 3 files all downloaded from geocerts.

1) domain.crt :the cert for the domain

2) private.key : my private key

3) issuer.crt : the issuer certificate

Below is my httpd.conf snippet

NameVirtualHost *:443
<VirtualHost _default_:443>
ServerName www.casinobitco.in
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/domain.crt
SSLCertificateKeyFile /etc/httpd/ssl/private.key
SSLCertificateChainFile /etc/httpd/ssl/issuer.crt
</VirtualHost>

Now, in testing - the cert doesn't seem proper? It basically looks self-signed, fake, etc. https://ec2-54-232-212-186.sa-east-1.compute.amazonaws.com

Seems like the certificate was issued for the wrong domain name (CNAME). Instead of www.casinobitco.in it works only for ip-172-31-16-43. In addition, it is indeed self-signed.

Qualys gives the following test results:

Try these other domain names (extracted from the certificates): ip-172-31-16-43

What does this mean?

This web site does not have a properly configured SSL server. We were able to retrieve more than one certificate, but the domain names listed in them do not match the domain name you requested us to inspect (ec2-54-232-212-186.sa-east-1.compute.amazonaws.com). It's possible that:

  • The web site does not use SSL, but shares an IP address with some other site that does.
  • The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
  • The web site uses a content delivery network (CDN) that does not support SSL.
  • The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.
  • 1
Reply Report
      • 2
    • Thanks for the thought-out response. I originally installed a test certificate to validate I was doing SSL correct, but have updated the files and restarted apache -but it looks like the web is still seeing the self-signed version?

OK, Turns out, based on my install, mod_ssl was separate from apache so it was running externally.

What's this mean? I needed to make the virtual host edits in /etc/httpd/conf.d/ssl.conf and NOT httpd.conf.

Hopefully someone will see this thread and it will help them out!

  • 0
Reply Report

Trending Tags