Httpd Misconfiguration of certificate's CN and virtual name
This is a bug introduced by a package upgrade from Centos (I think from Centos 7.4 series). In order to solve it we need to change our "/etc/httpd/conf.d/openstack-dashboard.conf
" file to:
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
Options All
AllowOverride All
Require all granted
</Directory>
<Directory /usr/share/openstack-dashboard/static>
Options All
AllowOverride All
Require all granted
</Directory>
Then restart httpd: systemctl restart httpd
.
The missing item is: WSGIApplicationGroup %{GLOBAL}
Related videos on Youtube
Comments
-
Fatemeh Abdollahei over 1 year
I'm deploying openstack on CentOS7 and every services and modules deployed well.
but When I type
http://<controller-ip>/dashboard
, after few minutes, error message 500"Internal Server Error"
appears. I'd checked/var/log/httpd/error_log
and saw the error message is:[Mon Oct 09 10:05:55.743509 2017] [:error] [pid 27541] Misconfiguration of certificate's CN and virtual name. The certificate CN has localhost4.localdomain4. We expected controller as virtual name.
my /etc/hosts content is:
127.0.0.1 localhost 10.1.79.116 controller 192.168.2.22 controller 192.168.2.21 compute01
updated: By following these links, still I have problem that mentioned above:
https://www.linode.com/docs/security/ssl/ssl-apache2-centos https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html https://docs.openstack.org/keystone/latest/admin/identity-certificates-for-pki.html https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-advanced-config-sslcertificates.html
now I'm getting confused and I don't know what should I do. Any help would be appreciated.
-
HBruijn over 6 yearsIf the TLS certificate is the problem it might be because 1) you connect with
http://<controller-ip>/
where you are expected to usehttpS
2) you are expected to connect tohttpS://<controller-hostname>/
rather than the IP-address 3) your system is configured reference itself with the hostnamecontroller
and that name is not configured in the TLS certifcate you are using. -
Fatemeh Abdollahei over 6 years@HBruijn thanks for your recommendations, but 1)when I use https, again internal error occurs.2)I exactly enter http(s)://10.1.79.116/dashboard 3)how can I check it?
-
-
jpyams almost 6 yearsThanks! For me, I had the
WSGIApplicationGroup %{GLOBAL}
line, but it was in one of the<Directory>
blocks. Moving that line out of the block worked