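apache - Apache SSL certificate not working
Problem description
I want to put the SSL certificate I generated today on my website, but it doesn't work. The secure page does not load, but the insecure page works. Here is my conf: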
<VirtualHost *:80>
ServerName example.com
ServerAdmin example@gmail.com
ServerAlias www.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/example-error.log
CustomLog /var/log/example-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAdmin example@gmail.com
ServerAlias www.example.com
DocumentRoot /var/www/example
<Directory /var/www/example>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /root/certs/example.crt
SSLCertificateKeyFile /root/XXX.key
SSLCertificateChainFile /root/certs/example.crt
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel debug
</VirtualHost>
The strange thing is that I have no errors in ssl_error_log:
[Fri Apr 02 22:33:55.266922 2021] [ssl:info] [pid 12429] AH02200: Loading certificate & private key of SSL-aware server 'example.com:443'
[Fri Apr 02 22:33:55.267378 2021] [ssl:debug] [pid 12429] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Fri Apr 02 22:33:55.267430 2021] [ssl:info] [pid 12429] AH01914: Configuring server example.com:443 for SSL protocol
[Fri Apr 02 22:33:55.267738 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate)
[Fri Apr 02 22:33:55.267751 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling
[Fri Apr 02 22:33:55.267762 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate
[Fri Apr 02 22:33:55.267939 2021] [ssl:debug] [pid 12429] ssl_util_ssl.c(508): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: CN=example.com / issuer: CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US / serial: example / notbefore: Apr 2 00:00:00 2021 GMT / notafter: May 3 23:59:59 2022 GMT]
[Fri Apr 02 22:33:55.267957 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(988): AH02236: Configuring RSA server private key
[Fri Apr 02 22:33:55.310426 2021] [ssl:info] [pid 12429] AH02200: Loading certificate & private key of SSL-aware server 'example.com:443'
[Fri Apr 02 22:33:55.310726 2021] [ssl:debug] [pid 12429] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Fri Apr 02 22:33:55.310770 2021] [ssl:info] [pid 12429] AH01914: Configuring server example.com:443 for SSL protocol
[Fri Apr 02 22:33:55.310983 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate)
[Fri Apr 02 22:33:55.310994 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling
[Fri Apr 02 22:33:55.311002 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate
[Fri Apr 02 22:33:55.311108 2021] [ssl:debug] [pid 12429] ssl_util_ssl.c(508): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: CN=example.com / issuer: CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US / serial: XXX / notbefore: Apr 2 00:00:00 2021 GMT / notafter: May 3 23:59:59 2022 GMT]
[Fri Apr 02 22:33:55.311117 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(988): AH02236: Configuring RSA server private key
[root@vps httpd]# curl https://xxx.com
curl: (7) Failed connect to xxx.com:443; Connection refused
The port is open in the firewall.
Any ideas?
Solution
In addition to what Ryan wrote, which is absolutely correct, you should fix (or remove)
SSLCertificateChainFile /root/certs/example.crt
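If you want to fix it, you should not use the certificate here but the chain, meaning the certificate that was used to sign your CSR. The chain may or may not include the root: personally, I never include the root.
Also, I suggest you move the certificates out of root's home directory: for example, you could create a subfolder in the Apache root directory (/etc/{apache2,httpd}/certs).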
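The two points raised in this answer can be checked mechanically. The following is an added example, not part of the original question or answer: a small Python linter that flags an SSLCertificateChainFile naming the same file as SSLCertificateFile, and TLS files kept under /root. The function names and the sample config string are constructed for illustration; it compares configured paths only and does not read the certificate files.

```python
import re

# Constructed sample: the two vhosts from the question, trimmed to the TLS directives.
SAMPLE_CONF = """\
<VirtualHost *:80>
ServerName example.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /root/certs/example.crt
SSLCertificateKeyFile /root/XXX.key
SSLCertificateChainFile /root/certs/example.crt
</VirtualHost>
"""
TLS_FILES = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile")

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: its address plus lower-cased directives."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        opening = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opening:
            current = {"addr": opening.group(1).strip()}
        elif line.lower().startswith("</virtualhost") and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None and line and line[0] not in "<#":
            # Directive names are case-insensitive in Apache; nested section tags are skipped.
            parts = line.split(None, 1)
            current[parts[0].lower()] = parts[1].strip('"') if len(parts) > 1 else ""
    return vhosts

def lint_tls(conf):
    """Return (vhost address, message) pairs for the two issues raised in the answer."""
    findings = []
    for vh in parse_vhosts(conf):
        if vh.get("sslengine", "").lower() != "on":
            continue  # plain-HTTP vhost, nothing to check
        chain = vh.get("sslcertificatechainfile")
        if chain and chain == vh.get("sslcertificatefile"):
            findings.append((vh["addr"], "SSLCertificateChainFile is the server "
                             "certificate itself, not the issuing CA chain"))
        for directive in TLS_FILES:
            path = vh.get(directive.lower(), "")
            if path.startswith("/root/"):
                findings.append((vh["addr"], f"{directive} is under /root: {path}"))
    return findings

if __name__ == "__main__":
    for addr, message in lint_tls(SAMPLE_CONF):
        print(f"[{addr}] {message}")
```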