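We have two domains (gis4business.co.uk and gis4business.com) pointing to the same website, hosted with Apache. We use SSL across the whole site and have a wildcard SSL certificate for *.gis4business.co.uk.
The default Apache conf file (000-default.conf) has a virtual host configured to redirect from http to https, as follows: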
<VirtualHost *:80>
...
Redirect permanent "/" "https://www.gis4business.co.uk/"
</VirtualHost>
We then have a default SSL configuration file (default-ssl.conf) with a virtual host configured as follows:
<VirtualHost _default_:443>
ServerName gis4business.co.uk
ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
...
SSLEngine on
SSLCertificateFile /etc/ssl/certs/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/privatekey.key
SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt
</VirtualHost>
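This configuration works as expected for the following URLs:
However, the URL https://www.gis4business.com produces a certificate warning (SSL_ERROR_BAD_CERT_DOMAIN in Firefox and ERR_CERT_COMMON_NAME_INVALID in Chrome).
It is obviously complaining that the SSL certificate does not match the domain name (gis4business.com), so I assume we need an HTTPS redirect from gis4business.com to gis4business.co.uk. We have tried various configurations and managed to get the redirect working.
We have tried:
1) Adding another virtual host (*:443) to the top of the 000-default.conf file, as follows: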
<VirtualHost *:443>
ServerName gis4business.co.uk
ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
Redirect permanent "/" "https://www.gis4business.co.uk/"
...
SSLEngine on
SSLCertificateFile /etc/ssl/certs/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/privatekey.key
SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt
</VirtualHost>
2) Adding another virtual host (_default_:443) to the top of the default-ssl.conf file, as follows:
<VirtualHost _default_:443>
ServerName gis4business.co.uk
ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
Redirect permanent "/" "https://www.gis4business.co.uk/"
...
SSLEngine on
SSLCertificateFile /etc/ssl/certs/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/privatekey.key
SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt
</VirtualHost>
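If it is possible to redirect https from one domain to another without certificate errors, what is the correct configuration to make it work?
Answer 0: (score: 1)
Let's look at how the Redirect directive works:
The Redirect directive maps an old URL into a new one by asking the client to refetch the resource at the new location.
The first request is handled by Apache, which generates a 30x response that automatically redirects the browser to the new URL.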
browser                                 SERVER      SSL cert
https://www.gis4business.com     -->    redirect    *.gis4business.co.uk
                   302-redirect  <--
https://www.gis4business.co.uk/  -->    process     *.gis4business.co.uk
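The first request, to https://www.gis4business.com, is served with the certificate issued to *.gis4business.co.uk, and is therefore considered invalid.
To resolve this, you need to use a certificate issued to www.gis4business.com or *.gis4business.com. Define a new virtual host or request a new certificate with both hostnames.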
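An added example, not part of the original answer or the poster's configuration: the "define a new virtual host" option, with the .com names moved out of the site vhost into a redirect-only vhost that presents its own certificate. The PLACEHOLDER certificate paths are assumptions, and the layout assumes clients send SNI so Apache can pick the vhost (and its certificate) during the TLS handshake.

```apache
# Site vhost, defined first so it stays the default for unmatched names.
# The .com names are removed from ServerAlias because the wildcard
# certificate for *.gis4business.co.uk does not cover them.
<VirtualHost *:443>
    ServerName gis4business.co.uk
    ServerAlias *.gis4business.co.uk

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/certificate.crt
    SSLCertificateKeyFile   /etc/ssl/private/privatekey.key
    SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt
    # ... existing site configuration ...
</VirtualHost>

# Redirect-only vhost for the .com names. The browser validates the
# certificate before it ever sees the redirect, so this vhost needs a
# certificate whose subjectAltName lists gis4business.com and
# www.gis4business.com (or *.gis4business.com).
# The three paths below are placeholders for that second certificate.
<VirtualHost *:443>
    ServerName gis4business.com
    ServerAlias www.gis4business.com

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/PLACEHOLDER-gis4business.com.crt
    SSLCertificateKeyFile   /etc/ssl/private/PLACEHOLDER-gis4business.com.key
    SSLCertificateChainFile /etc/ssl/certs/PLACEHOLDER-ca-chain.crt

    Redirect permanent "/" "https://www.gis4business.co.uk/"
</VirtualHost>
```

With the other option from the answer, a single certificate that lists both sets of hostnames, the original single vhost can stay as it is and only the certificate files change.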