我正在尝试为本地网络中的一个网页设置 SSL。首先,我使用 openssl 生成了一个证书,并修改了 apache2 目录下的一些 .conf 文件。不幸的是,我得到了 403 Forbidden 错误。该问题只出现在 443 端口(HTTPS)上,HTTP(80 端口)工作正常。顺便说一下,加密是有效的,因为我的浏览器显示 “Your connection is encrypted...”。
我的 httpd.conf 仅包含以下文件。
default-vhost.conf(端口 80)——工作正常:
# Plain-HTTP virtual host bound to 10.83.200.80:80, serving /srv/www/htdocs.
# NOTE(review): requests to this vhost are not encrypted; once the HTTPS vhost
# works, consider redirecting port 80 to it.
<VirtualHost 10.83.200.80:80>
DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs">
# NOTE(review): the second Options line has no +/- prefix, so it appears to
# replace the first one; the net setting is Options None.
Options +FollowSymLinks
Options None
# AllowOverride All lets any .htaccess file under the document root override
# these settings; narrow it if .htaccess files are not needed.
AllowOverride All
# Legacy (Apache 2.2 / mod_access_compat) access control: with
# "Order allow,deny" the default is deny, and "Allow from all" is the line
# that opens the directory to every client.
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
default-vhost-ssl.conf(443) - 无法正常工作
#<IfDefine SSL>
#<IfDefine !NOSSL>
# HTTPS virtual host for any address on port 443, serving the same document
# root as the port-80 vhost (/srv/www/htdocs).
<VirtualHost _default_:443>
ServerName 10.83.200.80:443
# NOTE(review): ServerAlias takes host names only; the :443 suffix is not part
# of its syntax and the value duplicates ServerName.
ServerAlias 10.83.200.80:443
DocumentRoot "/srv/www/htdocs"
# The error log records the exact reason for a 403 (for example an
# access-control denial); check it before changing the configuration.
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
<Directory "/srv/www/htdocs">
# NOTE(review): as in the port-80 vhost, the unprefixed "Options None" appears
# to replace the preceding line; the net setting is Options None.
Options +FollowSymLinks
Options None
# NOTE(review): unlike the port-80 vhost, there is no "Allow from all" here.
# Under mod_access_compat, "Order allow,deny" with no matching Allow denies
# every request, and that check is applied in addition to
# "Require all granted" below. This is the probable cause of the 403 on
# port 443 only -- confirm against the error log. Use one access-control
# scheme, not both: on Apache 2.4 drop the Order line and keep Require.
Order allow,deny
# AllowOverride All lets any .htaccess file under the document root override
# these settings; narrow it if .htaccess files are not needed.
AllowOverride All
Require all granted
</Directory>
SSLEngine on
# NOTE(review): "all -SSLv2" disables only SSLv2. Depending on the OpenSSL
# build, SSLv3 (POODLE) and TLS 1.0/1.1 stay enabled; all three are deprecated.
# Prefer e.g. "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1".
SSLProtocol all -SSLv2
# NOTE(review): MEDIUM admits weaker cipher suites (which ones depends on the
# OpenSSL version). Prefer restricting the list to HIGH and excluding
# non-forward-secret and legacy suites.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Do not re-enable the alternative below: RC4 is prohibited in TLS (RFC 7465).
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
# With this commented out, the client's cipher preference order is used rather
# than the server's.
#SSLHonorCipherOrder on
# Server certificate; the question says it was generated with openssl, so
# clients will not trust it unless it is installed as trusted on each client.
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
# Private key for the certificate above. Keep it readable by root only
# (e.g. mode 0600) and out of any directory served by Apache.
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
#SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt
#SSLCACertificatePath /etc/apache2/ssl.crt
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
#SSLCARevocationPath /etc/apache2/ssl.crl
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client-certificate authentication is disabled while the two lines below stay
# commented out, so it is not involved in the 403.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
# Export the standard SSL environment variables only to script-like files and
# to the CGI directory, where handlers may read them.
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Legacy workaround for MSIE 2-5: no keep-alive, tolerate an unclean SSL
# shutdown, and fall back to HTTP/1.0 for those clients.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-request SSL log in the ssl_combined format; that format is not defined in
# this file (presumably defined elsewhere in the server configuration).
CustomLog /var/log/apache2/ssl_request_log ssl_combined
#
# some Rewrite stuff for sharedssl
#
#RewriteEngine on
##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log"
##RewriteLogLevel 3
#RewriteCond %{HTTP_HOST} ^webmail\..* [NC]
#RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R]
#RewriteRule ^/$ /roundcube [R]
</VirtualHost>
#</IfDefine>
#</IfDefine>
正如您所看到的,对于这两个文件,配置是完全相同的。
问候。