0
我试图续订由虚拟主机标识的第二个web服务的证书,称之为“mysubdomain2.mydomain2.com”。apache上的多个虚拟主机的SSL问题
我已经生成了所有需要的文件(mysubdomain2.crt mysubdomain2.mydomain.com.key ca.pem sub.class1.server.ca.pem)。
请注意,我最近成功更新了mysubdomain1.crt的证书。
下面是Apache的虚拟主机条目:
<VirtualHost *:443>
ServerName mysubdomain2.mydomain.com
ServerAdmin [email protected]
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /disk2/certificates/ssl/mysubdomain2.crt
SSLCertificateKeyFile /disk2/certificates/ssl/mysubdomain.mydomain.com.key
SSLCertificateChainFile /disk2/certificates/ssl/sub.class1.server.ca.pem
SSLCACertificateFile /disk2/certificates/startssl/ca.pem
SSLOptions StrictRequire
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#</VirtualHost>
但是,当我重新启动Apache,它与此错误消息关闭:
“caught SIGTERM, shutting down
[Tue Jan 13 13:59:16 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 13 13:59:17 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 13 13:59:17 2015] [notice] Apache/2.2.16 (Ubuntu) PHP/5.3.3-1ubuntu9.5 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
此外,从这个链接:
https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
很明显,这个安装的apache已经安装了SNI。看起来apache至少应该开始,因为这些应该只是警告消息。
SNI应该解决的问题是,如果没有它,直到SSL连接建立之后,主机名才会通信,这意味着apache不知道要使用哪个证书。
但是,在这一点上,根本就没有开始。我正在考虑尝试重新生成证书和密钥文件,但是我首先要做的非常谨慎。我想了解真正的问题。
它是否为命令'httpd -t'返回'Syntax OK'? – slash