我们想要将SSL证书安装到网站上(我们已经将SSL安装到几个页面而没有任何问题,但这次我们遇到了问题)。
当我们在apache Vhost中激活证书时,页面保持空白。
服务器网站是Apache2,他的数据是:
Server version: Apache/2.2.22 (Debian)
Server built: Jan 31 2014 18:55:37
Server's Module Magic Number: 20051115:30
Server loaded: APR 1.4.6, APR-Util 1.4.1
Compiled using: APR 1.4.6, APR-Util 1.4.1
Architecture: 32-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/apache2"
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="mime.types"
-D SERVER_CONFIG_FILE="apache2.conf"
S.O: Debian GNU / Linux 7.5(wheezy)。
此域名的apache vhost:
/*****************Apache2 Vhost MyDomain.com*****************************/
<VirtualHost *:443>
ServerName mydomain.com
ServerAdmin sistems@mydomain.com
ServerAlias www.MyDomain.com MyDomain.com
Include /etc/apache2/mods-available/fcgid.conf
SuexecUserGroup www.MyDomain.com MyDomain.com
<Directory /var/www/virtual/MyDomain.com/ftp/htdocs>
FCGIWrapper /var/www/virtual/MyDomain.com/conf/fcgid .php
<FilesMatch \.php$>
SetHandler fcgid-script
</FilesMatch>
Options +ExecCGI -Indexes
Order allow,deny
allow from all
AllowOverride All
</Directory>
DocumentRoot /var/www/virtual/MyDomain.com/ftp/htdocs
LogLevel warn
ErrorLog /var/www/virtual/MyDomain.com/logs/error.log
CustomLog /var/www/virtual/MyDomain.com/logs/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/SSLCertificat.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCertificateChainFile /etc/apache2/ssl/Intermediate.crt
ScriptAlias /cgi-bin/ /var/www/virtual/MyDomain.com/ftp/cgi-bin/
<Directory /var/www/virtual/MyDomain.com/ftp/cgi-bin>
AllowOverride AuthConfig
Options ExecCGI -Indexes
Order allow,deny
Allow from all
</Directory>
Alias /awstats-icon/ /usr/share/awstats/icon/
ScriptAlias /awstats/ /var/www/virtual/MyDomain.com/cgi-bin/
<Directory /var/www/virtual/MyDomain.com/cgi-bin>
AllowOverride AuthConfig
Options ExecCGI -Indexes
Order allow,deny
Allow from all
</Directory>
Alias /awstats-icon/ /usr/share/awstats/icon/
ScriptAlias /awstats/ /var/www/virtual/MyDomain.com/cgi-bin/
<Directory /var/www/virtual/MyDomain.com/cgi-bin>
AllowOverride AuthConfig
Options ExecCGI -Indexes
Order allow,deny
Allow from all
</Directory>
<IfModule mod_bw.c>
BandwidthModule On
ForceBandWidthModule On
Bandwidth all 204800
MaxConnection all 50
</Ifmodule>
</VirtualHost>
/*************************************************************************/
ports.conf:
/**************************************************************************/
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
#XXX.XXX.XXX is the server Ip.
Listen 443
Listen XXX.XXX.XXX:8080
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
Listen XXX.XXX.XXX:8080
</IfModule>
/**************************************************************************/
这是apache2.conf:
/**************************************************************************/
LockFile ${APACHE_LOCK_DIR}/accept.lock
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 100
ServerLimit 100
MaxRequestsPerChild 1000
</IfModule>
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
DefaultType None
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
Include mods-enabled/*.load
Include mods-enabled/*.conf
Include ports.conf
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
Include conf.d/
Include sites-enabled/
/**************************************************************************/
在日志中我们有这个错误(虽然我们不相信这是导致页面掉落的原因):
[warn] RSA服务器证书CommonName(CN)`MyServerName&#39;才不是 匹配服务器名称!?
请有人帮我们解决问题吗?
提前致谢
答案 0 :(得分:0)
这意味着您的SSL证书已经过自签名,因此无法将其验证为已证券化的SSL。所以你需要买一个。
每个域名&amp;子域名必须在您的SSL证书中注册*每个域名&amp;子域名必须在您的SSL证书中注册:
如果您支付了SSL证书,则应检查它是否是允许所有子域都是有效SSL域的WildCard SSL。
否则,您可以使用以下命令测试证书以查看它适用的域:
openssl x509 -in /etc/apache2/ssl/Intermediate.crt -noout -text | grep -A1 "Subject Alternative"
此命令的结果将显示您的证书可以使用哪个域
答案 1 :(得分:0)
我已经解决了本手册(不改变端口):
http://jeromejaglale.com/doc/ubuntu/https_ssl_custom_port
基本上我为我的网站的SSL版本创建了另一个Vhost,我之前添加了这个块:
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown