Cannot get some pages to work with SSL (zpanel)

Time: 2014-03-16 05:35:02

Tags: wordpress apache ssl centos

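The CA certificate is installed and working, with no security problems. I am able to use it for the WordPress admin area, and the home page (root) can be accessed securely without problems. As soon as the server tries to access HTTPS domain.com/anything, it returns a 404 page.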

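I have been teaching myself AWS for the past two weeks, and this is the first time I have needed to ask for help. Usually I can find the answers, but this time I have been coming up cold. Thanks in advance.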


Here are the examples:

https://www.pageantsuppliers.com

https://www.pageantsuppliers.com/cart

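2 answers:

Answer 0: (score: 0)

Short answer: you have a web server configuration problem.

Long answer: if you save the certificate obtained from $ openssl s_client -connect www.pageantsuppliers.com:443 -CAfile startcom-ca.crt (just copy/paste), the end entity (server certificate) is OK: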

$ openssl x509 -inform PEM -in pageantsuppliers-com.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 984131 (0xf0443)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Server CA
        Validity
            Not Before: Mar  9 18:28:34 2014 GMT
            Not After : Mar 10 07:32:09 2015 GMT
        Subject: description=tq5XRBjgh9USfQ68, C=US, CN=www.pageantsuppliers.com/emailAddress=87f13a43b0ac46298171a954f337671e.protect@whoisguard.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b6:1a:e0:2c:62:cb:74:f6:8a:82:a5:41:85:29:
                    fb:f6:68:7a:a1:68:04:ec:ea:fe:fc:a5:44:66:dc:
                    69:6f:d5:9b:2a:4a:b0:56:00:b9:65:c1:f9:a5:36:
                    f5:66:03:ee:d7:a3:22:7d:a2:eb:45:ba:28:b5:6d:
                    66:29:93:4b:a2:a7:21:d8:ca:fe:4f:43:4f:49:72:
                    10:ee:57:08:d5:27:39:e1:ad:56:9a:7a:24:25:e6:
                    91:6f:b5:8f:32:fb:3e:fc:30:2d:bd:53:7d:3b:d3:
                    f0:b7:a6:1f:eb:60:ea:92:37:5e:d9:da:f5:40:5a:
                    7b:aa:e3:ae:65:60:c0:11:bb:79:4d:08:85:7b:7d:
                    1d:e6:b3:7a:45:91:12:9f:c1:f4:54:9b:9b:a2:a0:
                    f5:e9:64:e2:4f:8f:c6:f3:f4:54:73:02:77:4b:d9:
                    6b:c0:47:84:8f:ea:b4:05:b9:39:0b:1e:f5:37:ee:
                    90:d6:87:e0:c3:15:56:db:e6:fa:b9:fa:4e:1f:36:
                    c8:df:c9:e8:3a:63:46:d2:e9:e6:07:67:00:6a:10:
                    d2:d1:40:19:1a:ac:f5:ef:17:28:73:05:6b:69:d1:
                    74:a8:7b:2e:92:13:fb:f5:d5:d3:57:a6:b6:9f:94:
                    34:68:c2:ff:8f:5a:8c:3b:8e:d5:c4:f7:6a:97:54:
                    a4:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment, Key Agreement
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Subject Key Identifier: 
                DD:18:77:CF:57:39:39:EF:1E:B7:E0:25:09:D2:90:72:83:11:D3:9D
            X509v3 Authority Key Identifier: 
                keyid:EB:42:34:D0:98:B0:AB:9F:F4:1B:6B:08:F7:CC:64:2E:EF:0E:2C:45

            X509v3 Subject Alternative Name: 
                DNS:www.pageantsuppliers.com, DNS:pageantsuppliers.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.23223.1.2.3
                  CPS: http://www.startssl.com/policy.pdf
                  User Notice:
                    Organization: StartCom Certification Authority
                    Number: 1
                    Explicit Text: This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.startssl.com/crt1-crl.crl

            Authority Information Access: 
                OCSP - URI:http://ocsp.startssl.com/sub/class1/server/ca
                CA Issuers - URI:http://aia.startssl.com/certs/sub.class1.server.ca.crt

            X509v3 Issuer Alternative Name: 
                URI:http://www.startssl.com/
    Signature Algorithm: sha1WithRSAEncryption
         42:8e:78:33:a0:76:39:90:9c:53:b8:e7:7a:a4:06:6d:8a:7c:
         f4:65:90:87:70:a9:da:b4:19:09:e2:dd:fd:75:39:c8:f8:bf:
         d2:de:e7:0f:70:a8:92:71:2c:fe:45:5f:5b:14:e4:9b:80:1f:
         54:7b:1a:37:b4:de:b7:fc:c8:d4:c6:7f:07:be:cc:16:cb:82:
         08:12:ff:fe:14:cb:ac:64:83:17:a3:a0:f9:e1:97:6f:66:e8:
         9b:13:d3:da:e5:be:c7:43:14:18:6d:bc:76:55:00:c4:8c:8e:
         1e:0f:a1:21:46:e3:60:db:5a:1d:7f:61:49:43:55:d7:b6:1c:
         af:b2:84:f2:e5:e8:f9:e4:db:ab:b6:38:26:74:cb:8d:69:f6:
         9c:0b:ac:fd:bf:9b:c5:3b:3b:2c:16:72:69:7f:7e:7d:7c:37:
         bd:f1:e1:83:5e:42:ed:9c:0e:c3:b5:e1:6d:f3:91:ec:07:ff:
         7d:12:4c:37:73:5d:9f:be:d2:55:8e:ef:c5:48:3d:7d:d5:cb:
         0c:e1:75:ef:dd:0c:8e:46:50:0a:9a:3c:72:28:8d:c0:31:df:
         65:06:44:e0:af:3f:0f:7e:de:04:10:be:a0:e9:b9:c6:03:b8:
         38:fe:b1:a7:fb:af:b7:6f:82:10:7a:a6:38:50:07:9e:5b:19:
         e1:a6:bf:95

The issuer is StartCom Class 1 Primary Intermediate Server CA, which should be fine. The issuer of StartCom Class 1 Primary Intermediate Server CA is StartCom Certification Authority, which should also be fine.

However, on issuing a GET:

$ echo "GET / HTTP/1.1" | openssl s_client -connect www.pageantsuppliers.com:443 -CAfile ca-bundle.pem -servername www.pageantsuppliers.com
CONNECTED(00000003)
depth=3 C = IL, O = StartCom Ltd., CN = StartCom Certification Authority G2
verify return:1
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority
verify return:1
depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA
verify return:1
depth=0 description = tq5XRBjgh9USfQ68, C = US, CN = www.pageantsuppliers.com, emailAddress = 87f13a43b0ac46298171a954f337671e.protect@whoisguard.com
verify return:1
---
...

    Start Time: 1394991510
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
DONE

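It seems no web server is serving content on that port. The DONE above should be replaced with raw HTML, since s_client just prints what it receives. You can also add -pause -ign_eof to keep the connection open, but that is not your problem (see the s_client(1) docs).

You have a web server configuration problem.

Answer 1: (score: 0)

I ended up hiring a freelancer to fix this for me. It was well worth the $39. Here is what he said, so that others can share the knowledge.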

  

From the freelancer, roonex:

     

I edited this file: /etc/httpd/conf.d/ssl.conf, and right at the end, before the closing tag, I added this code:

<Directory /var/zpanel/hostdata/zadmin/public_html>
AllowOverride none

Order Allow,Deny
Allow from all
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

</Directory>
  

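The problem was that for SSL you have to tell the virtual host to use the same folder for http and https. In plesk or cpanel you only have to check one checkbox to do this, but for zpanel you have to do it by changing ssl.conf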

     

After this, just restart apache and it is fixed
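
The mismatch described in this answer can be checked mechanically. The following is an added example, not part of the original post or of zpanel: a small Python audit that compares each :443 virtual host with the :80 virtual host of the same ServerName. The sample configuration, host name and paths are constructed, and treating "AllowOverride other than none, or an inline RewriteRule" as "rewrites available" is a simplifying assumption.

```python
import re

# Constructed sample: an HTTP vhost with WordPress rewrites and an SSL vhost
# for the same site that lacks them (host name and paths are hypothetical).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.example.test
    DocumentRoot /var/www/site
    <Directory /var/www/site>
        AllowOverride All
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.test
    DocumentRoot /var/www/html
    SSLEngine on
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: port, name, docroot, rewrites."""
    vhosts = []
    for port, body in re.findall(
            r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", conf, re.S | re.I):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        root = re.search(r"^\s*DocumentRoot\s+\"?([^\"\s]+)", body, re.M | re.I)
        override = re.search(r"^\s*AllowOverride\s+(?!none\b)\S", body, re.M | re.I)
        inline = re.search(r"^\s*RewriteRule\s", body, re.M | re.I)
        vhosts.append({"port": int(port), "name": name.group(1) if name else None,
                       "docroot": root.group(1).rstrip("/") if root else None,
                       "rewrites": bool(override or inline)})
    return vhosts

def audit(conf):
    """Compare each :443 vhost with the :80 vhost of the same ServerName."""
    vhosts = parse_vhosts(conf)
    http = {v["name"]: v for v in vhosts if v["port"] == 80}
    findings = []
    for v in (v for v in vhosts if v["port"] == 443):
        plain = http.get(v["name"])
        if plain and plain["docroot"] != v["docroot"]:
            findings.append(f"{v['name']}: docroot {v['docroot']} != {plain['docroot']}")
        if plain and plain["rewrites"] and not v["rewrites"]:
            findings.append(f"{v['name']}: no rewrite rules on HTTPS")
    return findings
```

Calling audit() on the concatenated text of the main configuration and the files under conf.d gives one finding per HTTPS virtual host that would serve the home page but return 404 for rewritten paths.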