1. 首页
  2. 问答
  3. 的Apache 2.4是搞乱了SSL证书

的Apache 2.4是搞乱了SSL证书

2017-07-06 87 views
1

我有两个SSL证书 为域* .example.com的和* .dev.example.com下面虚拟主机配置:的Apache 2.4是搞乱了SSL证书

<VirtualHost *:443> 
    ServerName site.example.com 

    SSLEngine on 
    SSLProxyEngine on 
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    SSLCertificateFile /etc/apache2/ssl/certs/example.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/private/example.key 

    ProxyPreserveHost on 
    ProxyPass/http://192.168.1.101:8073/ 
    ProxyPassReverse/http://192.168.1.101:8073/ 
</VirtualHost> 

<VirtualHost *:443> 
    ServerName site.dev.example.com 

    SSLEngine on 
    SSLProxyEngine on 
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    SSLCertificateFile /etc/apache2/ssl/certs/dev_example.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/private/dev_example.key 

    ProxyPreserveHost on 
    ProxyPass/http://192.168.1.102:8073/ 
    ProxyPassReverse/http://192.168.1.102:8073/ 
</VirtualHost> 

<VirtualHost *:443> 
    ServerAlias *.dev.example.com 

    SSLEngine on 
    SSLProxyEngine on 
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    SSLCertificateFile /etc/apache2/ssl/certs/dev_example.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/private/dev_example.key 

    <Proxy balancer://devcluster> 
     BalancerMember http://192.168.1.201:8182 
     BalancerMember http://192.168.1.202:8182 
    </Proxy>  
    ProxyPass/balancer://devcluster/ 
    ProxyPassReverse/balancer://devcluster/ 
</VirtualHost> 

<VirtualHost *:443> 
    ServerAlias *.example.com 

    SSLEngine on 
    SSLProxyEngine on 
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    SSLCertificateFile /etc/apache2/ssl/certs/example.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/private/example.key 

    <Proxy balancer://mycluster> 
     BalancerMember http://192.168.1.203:8182 
     BalancerMember http://192.168.1.204:8182 
    </Proxy>  
    ProxyPass/balancer://mycluster/ 
    ProxyPassReverse/balancer://mycluster/ 
</VirtualHost>

当访问的网站我得到如下:

  1. site.example.com具有有效证书* .example.com的从example.crt

  2. site.dev.example.com具有dev_example.crt

  3. anything.dev.example.com有* .dev.example有效证明,* .dev.example.com有效证书。 COM从dev_example.crt

  4. anything.example.com将失效证书*从dev_example.crt在spceified * .dev.example.com虚拟主机.dev.example.com

貌似虚拟主机“ServerAlias * .example.com的”正在复苏中的虚拟主机指定的证书“ServerAlias * .dev.example.com”

它是Apache的故障或有毛病我的配置?

来源

2017-07-06 V. Smt

回答

2

您需要为每个SSL虚拟主机选择唯一的ServerName,即使您希望ServerAlias代表您需要的内容。 mod_ssl使用servername作为SNI的关键字。

来源

2017-07-09 19:32:25 covener

+0

好的,我会试试,谢谢。 –

+0

你仍然可以使用serveralias,你只是不能Omi ServerName或有dup的 – covener

+0

是的,它的工作,非常感谢。 –

相关问题

 相关问题