SSL仍然显示为不安全

时间:2017-07-04 13:41:15

标签: apache ssl

我试图设置我的SSL证书,但该网站仍然说https是不安全的。

我已按如下方式编辑了000-default.conf:

<VirtualHost *:80>
    ServerName millingtonmayers.co.uk
    Redirect permanent / https://millingtonmayers.co.uk/
 </VirtualHost>

 <VirtualHost *:443>
    ServerName millingtonmayers.co.uk
    SSLEngine on
    SSLCertificateFile /home/bensleym/millingtonmayers.co.uk.crt
    SSLCertificateKeyFile /home/bensleym/millingtonmayers.co.uk.key
    SSLCertificateChainFile /home/bensleym/intermediate.crt
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless

    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
 </VirtualHost>

重定向似乎没有任何想法?

2 个答案:

答案 0 :(得分:0)

是否已从CA签署证书(millingtonmayers.co.uk.crt)?当我检查时说:

Start Time: 1499176042
Timeout   : 300 (sec)
Verify return code: 18 (self signed certificate)

如果是自我犯罪,则不受信任。 你可以在控制台上使用“openssl s_client -connect millingtonmayers.co.uk:443”来检查这个

答案 1 :(得分:0)

证书签署过程如下:

  1. Genarate键和csr “openssl req -new -newkey rsa:1024 -nodes -keyout millingtonmayers.co.uk.key -out millingtonmayers.co.uk..csr”

    2. 2.发送CA代理的CSR,如comodo(https://www.instantssl.com/free-ssl-certificate.html).you,将从CA获得以下证书。 CA代理将提供3个证书

    2.1。根证书

    2.2。中级证书

    2.3。 millingtonmayers.co.uk.crt

    您可以从上面获得90天免费证书

    3.将上述3证书合并为一份。

    cat millingtonmayers.co.uk.crt DigiCertCA.crt TrustedRoot.crt >millingtonmayers.co.uk.concatanated.crt

    4.将millingtonmayers.co.uk.concatanated.crt和millingtonmayers.co.uk.key配置为lb

相关问题
最新问题