2016-08-02 155 views
0

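I'm struggling to configure a virtual host with an SSL certificate inside a Docker container (I don't think the problem is related to Docker). When I connect to my site I get no error, just a blank page, but in the error log I have this: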

    [Tue Aug 02 09:57:58.030690 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Aug 02 09:57:58.030862 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Here is the command I typed to create my key and certificate:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out /etc/ssl/certs/mykey.crt -keyout /etc/ssl/private/mykey.key

I tested creating two certificates, because I need two virtual hosts, but it still doesn't work. Here are my virtual hosts:

    <VirtualHost *:80>
      ServerName mysite.local

      ServerAdmin [email protected]
      DocumentRoot /var/www/html/public

      SetEnv APPLICATION_ENV "devDocker"

      <Directory /var/www/html/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
      </Directory>

      <Location /protected/>
        AuthTokenSecret  "mySuperSecret"
        AuthTokenPrefix  /protected/
        AuthTokenTimeout  120
      </Location>

      ErrorLog ${APACHE_LOG_DIR}/error-scco.log
      CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
    </VirtualHost>

    <VirtualHost *:443>
      ServerName mysite.local

      ServerAdmin [email protected]
      DocumentRoot /var/www/html/public

      SetEnv APPLICATION_ENV "devDocker"

      <Directory /var/www/html/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
      </Directory>

      <Location /protected/>
        AuthTokenSecret  "mySuperSecret"
        AuthTokenPrefix  /protected/
        AuthTokenTimeout  120
      </Location>

      ErrorLog ${APACHE_LOG_DIR}/error-scco.log
      CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
      SSLEngine on
      SSLCertificateFile /etc/ssl/certs/mykey.crt
      SSLCertificateKeyFile /etc/ssl/private/mykey.key
    </VirtualHost>

    <VirtualHost *:80>
      ServerName devadmin.mysite.local

      ServerAdmin [email protected]
      DocumentRoot /var/www/html/public

      SetEnv APPLICATION_ENV "devDocker"

      <Directory /var/www/html/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
      </Directory>

      <Location /protected/>
        AuthTokenSecret  "mySuperSecret"
        AuthTokenPrefix  /protected/
        AuthTokenTimeout  120
      </Location>

      ErrorLog ${APACHE_LOG_DIR}/error-scco.log
      CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
    </VirtualHost>

    <VirtualHost *:443>
      ServerName devadmin.mysite.local

      ServerAdmin [email protected]
      DocumentRoot /var/www/html/public

      SetEnv APPLICATION_ENV "devDocker"
      SetEnv APPLICATION_WEB_BOOTSTRAP "devadmin"

      <Directory /var/www/html/public>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
      </Directory>

      <Location /protected/>
        AuthTokenSecret  "mySuperSecret"
        AuthTokenPrefix  /protected/
        AuthTokenTimeout  120
      </Location>

      ErrorLog ${APACHE_LOG_DIR}/error-scco.log
      CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
      SSLEngine on
      SSLCertificateFile /etc/ssl/certs/mykey.crt
      SSLCertificateKeyFile /etc/ssl/private/mykey.key
    </VirtualHost>

Here is the log I get when I type service apache2 restart:

    [Tue Aug 02 09:57:56.950457 2016] [mpm_prefork:notice] [pid 711] AH00169: caught SIGTERM, shutting down
    [Tue Aug 02 09:57:57.987280 2016] [ssl:warn] [pid 753] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Aug 02 09:57:57.987801 2016] [ssl:warn] [pid 753] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Tue Aug 02 09:57:58.030501 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Aug 02 09:57:58.030933 2016] [ssl:warn] [pid 754] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Tue Aug 02 09:57:58.033677 2016] [mpm_prefork:notice] [pid 754] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.17 OpenSSL/1.0.1f configured -- resuming normal operations
    [Tue Aug 02 09:57:58.033700 2016] [core:notice] [pid 754] AH00094: Command line: '/usr/sbin/apache2'

Thank you in advance.

+0

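It's been a while since I sat down with openssl, so you may get a better answer soon. But until then, I would guess the problem is just what it says: the RSA server certificate is a CA certificate. I would think the certificate you are trying to use on the server is actually a CA certificate, which should be used to sign the certificate that you should use on the server. Some info: http://www.akadia.com/services/ssh_test_certificate.html – MrApnea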

Answer

0

This is just an ignorable warning that you can get with a self-signed certificate.
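
An added example, not part of the original question or its replies: generating the self-signed certificate with an explicit extensions section, so that BasicConstraints is CA:FALSE and both ServerName values from the question appear as subjectAltName entries, then reading the extensions back. The temporary output directory, the config section names and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Hostnames are taken from the question; paths, section names
# and function names are assumptions made for this illustration.

# make_leaf_cert DIR: writes DIR/mykey.key and DIR/mykey.crt
make_leaf_cert() {
    # Use a private config so the result does not depend on the stock
    # openssl.cnf, whose default x509_extensions section (v3_ca) sets CA:TRUE
    # and is what leads to AH01906.
    cat > "$1/leaf.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_leaf
prompt             = no

[dn]
CN = mysite.local

[v3_leaf]
basicConstraints = critical, CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName   = DNS:mysite.local, DNS:devadmin.mysite.local
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -config "$1/leaf.cnf" \
        -keyout "$1/mykey.key" -out "$1/mykey.crt" 2>/dev/null
    chmod 600 "$1/mykey.key"   # the private key stays readable by its owner only
}

# basic_constraints CERT: prints the BasicConstraints value, e.g. CA:FALSE
basic_constraints() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Basic Constraints' | tail -n 1 | tr -d ' '
}

# san_names CERT: prints the subjectAltName entries
san_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

workdir="$(mktemp -d)"
make_leaf_cert "$workdir"
echo "BasicConstraints: $(basic_constraints "$workdir/mykey.crt")"
echo "subjectAltName:   $(san_names "$workdir/mykey.crt")"
```

Running `basic_constraints` against the existing /etc/ssl/certs/mykey.crt shows which value the current certificate carries.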