Apache提供错误的SSL证书

时间:2015-06-25 21:03:09

标签: apache ssl configuration vhosts virtual-hosts

我有一台运行Debian 8.1的服务器,其中包含Apache 2.4.10和OpenSSL 1.0.1k。 我有一个域example.com,其中包含一些子域,如www.example.com,cloud.example.com和db.example.com,这些子域都是服务器(A-Records)。 所有这些子域都有自己的VirtualHosts,并拥有自己的SSL证书。此外,如果您使用其他域或IP发送HTTPS请求,您将获得包含自签名证书的页面。 一切都运行良好,直到我重新启动我的服务器。 现在,当我请求example.com(没有子域名前缀)时,我得到了自签名的crt。子域工作得非常好。我有以下vHost-Configs:

(因为我只想要HTTPS,我对所有HTTP连接都有重写规则)

000-default.conf

<VirtualHost *:80>
    ServerAdmin admin@example.com
    RewriteEngine On
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin admin@example.com
    DocumentRoot /var/www

    <Directory /var/www>
            AllowOverride All
            Require all granted
    </Directory>

    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/default/ca.crt
    SSLCertificateKeyFile /etc/ssl/certs/default/ca.key
</VirtualHost>
</IfModule>

www.example.com.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example
    <Directory /var/www/example>
            AllowOverride All
            Require all granted
    </Directory>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.example.com/ca.crt
    SSLCertificateKeyFile /etc/ssl/certs/www.example.com/ca.key
    SSLCertificateChainFile /etc/ssl/certs/www.example.com/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/ssl/certs/www.example.com/ca.pem
</VirtualHost>
</IfModule>

cloud.example.com.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName cloud.example.com
    DocumentRoot /var/www/example
    <Directory /var/www/example>
            AllowOverride All
            Require all granted
    </Directory>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    ErrorLog ${APACHE_LOG_DIR}/error.ssl.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.ssl.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/www.example.com/ca.crt
    SSLCertificateKeyFile /etc/ssl/certs/www.example.com/ca.key
    SSLCertificateChainFile /etc/ssl/certs/www.example.com/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/ssl/certs/www.example.com/ca.pem
</VirtualHost>
</IfModule>

我真的希望有人可以帮助我!

2 个答案:

答案 0 :(得分:0)

主机名是示例(如域名,但没有.com)所以我将主机名更改为一些随机输入,重启后一切正常。当我更改主机名时,即使重启后它也能继续工作。

答案 1 :(得分:0)

对我来说,改变VirtualHosts的顺序有助于解决问题,将故障的VirtualHost置于conf文件的顶部。