Skip to main content

Httpd Misconfiguration of certificate's CN and virtual name [Resolved]

I'm deploying openstack on CentOS7 and every services and modules deployed well.

but When I type http:///dashboard , after few minutes, error message 500 "Internal Server Error" appears. I'd checked /var/log/httpd/error_log and saw the error message is:

[Mon Oct 09 10:05:55.743509 2017] [:error] [pid 27541] Misconfiguration of certificate's CN and virtual name. The certificate CN has localhost4.localdomain4. We expected controller as virtual name.

my /etc/hosts content is:

127.0.0.1   localhost
10.1.79.116     controller
192.168.2.22    controller
192.168.2.21    compute01

updated: By following these links, still I have problem that mentioned above:

https://www.linode.com/docs/security/ssl/ssl-apache2-centos
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html
https://docs.openstack.org/keystone/latest/admin/identity-certificates-for-pki.html
https://docs.openstack.org/project-deploy-guide/openstack-ansible/ocata/app-advanced-config-sslcertificates.html

now I'm getting confused and I don't know what should I do. Any help would be appreciated.


Question Credit: Fatemeh Abdollahei
Question Reference
Asked October 11, 2017
Posted Under: Network
8 views
1 Answers

This is a bug introduced by a package upgrade from Centos (I think from Centos 7.4 series). In order to solve it we need to change our "/etc/httpd/conf.d/openstack-dashboard.conf" file to:

WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}

WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static

<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
  Options All
  AllowOverride All
  Require all granted
</Directory>

<Directory /usr/share/openstack-dashboard/static>
  Options All
  AllowOverride All
  Require all granted
</Directory>

Then restart httpd: systemctl restart httpd.

The missing item is: WSGIApplicationGroup %{GLOBAL}


credit: Fatemeh Abdollahei
Answered October 11, 2017
Your Answer
D:\Adnan\Candoerz\CandoProject\vQA