Httpd Misconfiguration of certificate's CN and virtual name

ssl centos7 httpd 500-error openstack-horizon

8,500

This is a bug introduced by a package upgrade from Centos (I think from Centos 7.4 series). In order to solve it we need to change our "/etc/httpd/conf.d/openstack-dashboard.conf" file to:

WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}

WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static

<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
  Options All
  AllowOverride All
  Require all granted
</Directory>

<Directory /usr/share/openstack-dashboard/static>
  Options All
  AllowOverride All
  Require all granted
</Directory>

Then restart httpd: systemctl restart httpd.

The missing item is: WSGIApplicationGroup %{GLOBAL}

8,500

Fatemeh Abdollahei

An outlier in universe dataset! :)

Updated on September 18, 2022

Comments

Fatemeh Abdollahei over 1 year
I'm deploying openstack on CentOS7 and every services and modules deployed well.

but When I type http://<controller-ip>/dashboard , after few minutes, error message 500 "Internal Server Error" appears. I'd checked /var/log/httpd/error_log and saw the error message is:

[Mon Oct 09 10:05:55.743509 2017] [:error] [pid 27541] Misconfiguration of certificate's CN and virtual name. The certificate CN has localhost4.localdomain4. We expected controller as virtual name.

my /etc/hosts content is:
```
127.0.0.1   localhost
10.1.79.116     controller
192.168.2.22    controller
192.168.2.21    compute01
```
updated: By following these links, still I have problem that mentioned above:
```
https://www.linode.com/docs/security/ssl/ssl-apache2-centos
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html
https://docs.openstack.org/keystone/latest/admin/identity-certificates-for-pki.html
https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-advanced-config-sslcertificates.html
```
now I'm getting confused and I don't know what should I do. Any help would be appreciated.
- HBruijn over 6 years
  
  If the TLS certificate is the problem it might be because 1) you connect with http://<controller-ip>/ where you are expected to use httpS 2) you are expected to connect to httpS://<controller-hostname>/ rather than the IP-address 3) your system is configured reference itself with the hostname controller and that name is not configured in the TLS certifcate you are using.
- Fatemeh Abdollahei over 6 years
  
  @HBruijn thanks for your recommendations, but 1)when I use https, again internal error occurs.2)I exactly enter http(s)://10.1.79.116/dashboard 3)how can I check it?
jpyams almost 6 years

Thanks! For me, I had the WSGIApplicationGroup %{GLOBAL} line, but it was in one of the <Directory> blocks. Moving that line out of the block worked