我已经从SSLS购买了三个域的两个证书(不是大多数示例和教程所讨论的OpenSSL证书),两个域+一个子域。我们称它们为mysite1.com,www.mysite1.com和mysite2.com。我正在尝试将证书安装在具有单个IP地址的单个服务器上。我之前曾在OpenSLL上进行过尝试,结果一团糟,而且这是一个生产环境,因此我无法进行实验。我看了很多教程,包括:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
这是我到目前为止所拥有的:
default-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName mysite1.com
ServerAdmin me@mysite1.com
DocumentRoot /var/www/mysite1.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/certs/mysite1.com.crt
SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key
SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
<VirtualHost mysite2.com:443>
ServerName mysite2.com
ServerAdmin me@mysite1.com
DocumentRoot /var/www/mysite2.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/certs/mysite1.com.crt
SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key
SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
我有几个问题:
我假设不再需要NameVirtualHost(根据this),还是应该以防万一?
不确定FileSatch和Directory的作用-是否需要?
如何配置www.mysite1.com地址?
我还需要做什么?
感谢您的帮助。