我的网站没有使用SSL回复

时间:2017-01-06 16:40:13

标签: apache ssl https openssl virtualhost

我在运行CentOS 6的VPS上托管了一个网站,运行正常。现在我必须使用SSL进行访问,因此我配置/etc/httpd/conf/httpd.conf/etc/httpd/conf.d/ssl.conf以使httpd侦听端口443,然后将与网站相关的虚拟主机绑定到同一端口。

整个配置的明显结果可能会通过以下诊断恢复,这些诊断也会恢复我执行的某些测试(我在必要时屏蔽了数据,而my.site.com是虚拟的):

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

# httpd -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  my.site.com (/etc/httpd/conf.d/ssl.conf:74)
*:80                   my.site.com (/etc/httpd/conf/httpd.conf:1022)
*:8888                 my.site.com (/etc/httpd/conf/httpd.conf:1045)
Syntax OK

# openssl s_client -connect localhost:443
CONNECTED(00000003)
depth=2 O = [Some authority here], CN = [Some authority here] Root CA X3
verify return:1
depth=1 C = US, O = [Some authority here], CN = [Some authority here] X3
verify return:1
depth=0 CN = my.site.com
verify return:1
---
Certificate chain
 0 s:/CN=my.site.com
   i:/C=US/O=[some authority here]/CN=[some authority here] X3
 1 s:/C=US/O=[some authority here]/CN=[some authority here] X3
   i:/O=[some authority here]/CN=[Some authority here] Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[some certificate codes here]
-----END CERTIFICATE-----
subject=/CN=my.site.com
issuer=/C=US/O=[some authority here]/CN=[some authority here] X3
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3672 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: [some coding here]
    Session-ID-ctx: 
    Master-Key: 
[some coding here]
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    [other codes here]

    Start Time: 1483709215
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed

# openssl s_client -connect [my.site.com's IP] -state -nbio 2>&1 | grep "^SSL"
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
SSL handshake has read 3672 bytes and written 373 bytes
SSL-Session:
SSL3 alert read:warning:close notify
SSL3 alert write:warning:close notify

# iptables -L -v | grep https
 0     0 ACCEPT     tcp  --  any  any   anywhere   anywhere    tcp dpt:https 

# netstat -lnp | grep 443
tcp        0      0 :::443            :::*      LISTEN      22682/httpd

现在,网站仍在通过常用的浏览器http://my.site.com地址进行回复,而如果尝试https://my.site.com则返回 ERR_CONNECTION_TIMED_OUT

此外,通过远程访问 ,我获得了:

# openssl s_client -connect [my.site.com's IP:443]
connect: No route to host
connect:errno=113

那么,问题是什么或我如何调查它的起源?

提前感谢您的帮助。

0 个答案:

没有答案
相关问题
最新问题