在一个IP上运行SSL的两个站点

时间:2014-11-24 16:16:25

标签: ssl apache2

当用户浏览到我的配置中的第二个域时,我在让我的apache服务器提供正确的IP地址时遇到了一些麻烦。这是我的配置目前的样子。此配置将向客户端提供以下错误“服务器证书与URL不匹配。”。在此先感谢您的帮助。 

<VirtualHost *:80>
    ServerName www.domain1.com
    Redirect / https://www.domain1.com/
</VirtualHost>


<VirtualHost *:443>
            ServerAdmin webmaster@localhost
            ServerName www.domain1.com
            SSLEngine on
            SSLCertificateFile /location/ofcerts/www_domain1_com.crt
            SSLCertificateKeyFile /domain1/www_domain1_com.key
            SSLCertificateChainFile /location/ofcerts/COMODORSAAddTrustCA.crt
            SSLCertificateChainFIle /location/ofcerts/domain1.ca-bundle
            SSLProtocol all -SSLv2 -SSLv3
            SSLHonorCipherOrder on
            SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
        <Location />
            SetEnv no-gzip
        </Location>

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        <Directory /var/www/sub>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName www.domain2.com
        SSLEngine on
        SSLCertificateFile /location/of/domain2certs/www_domain2_com.crt
        SSLCertificateKeyFile /domain2/www_domain2_com.key
        SSLCertificateChainFile /location/of/domain2certs/COMODORSAAddTrustCA.crt
        SSLCertificateChainFIle /location/of/domain2certs/domain2.ca-bundle
        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on


        DocumentRoot /var/www/domain2
        <Directory /var/www/domain2>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>
</VirtualHost>

2 个答案:

答案 0 :(得分:0)

我认为不可能在同一个IP地址和端口上托管2个基于命名的SSL虚拟主机。 Apache将始终使用第一个列出错误的主机。

链接:https://wiki.apache.org/httpd/NameBasedSSLVHosts

答案 1 :(得分:0)

在配置顶部添加了以下内容。

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off
相关问题
最新问题