apache - httpd 不以自签名证书开头
问题描述
尝试启动 httpd,我在错误日志中看到以下内容,
[Mon Apr 12 21:00:13.398987 2021] [suexec:notice] [pid 155] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Mon Apr 12 21:00:13.399247 2021] [ssl:emerg] [pid 155] AH02572: Failed to configure at least one certificate and key for myHost.net:443
[Mon Apr 12 21:00:13.399265 2021] [ssl:emerg] [pid 155] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Mon Apr 12 21:00:13.399270 2021] [ssl:emerg] [pid 155] AH02312: Fatal error initialising mod_ssl, exiting.
在 /var/www/test 我通过创建自签名文件
bash-4.2# openssl req -new -x509 -nodes -out server.crt -keyout server.key
Generating a 2048 bit RSA private key
........+++
..................................................................................+++
writing new private key to 'server.key'
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:NJ
Locality Name (eg, city) [Default City]:Princeton
Organization Name (eg, company) [Default Company Ltd]:Acme
Organizational Unit Name (eg, section) []:Dev
Common Name (eg, your name or your server's hostname) []:myHost.net
Email Address []:a@z.com
/etc/httpd/conf.d/ssl.conf 文件包含,
<VirtualHost _default_:443>
SSLEngine on
SSLProtocol all -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
ServerName myHost.net
SSLCertificateFile /var/www/test/server.crt
SSLCertificateKeyFile /var/www/test/server.key
Include /etc/httpd/conf.d/options-ssl-apache.conf
</VirtualHost>
/etc/httpd/conf.d/options-ssl-apache.conf 有
SSLEngine on
# Intermediate configuration, tweak to your needs
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLOptions +StrictRequire
# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
/etc/httpd/conf.modules.d/00-ssl.conf 有
LoadModule ssl_module modules/mod_ssl.so
这是在 Docker 容器中,
bash-4.2# cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
关于在哪里查看的任何指示都给出了稍微模棱两可的错误?非常感谢
解决方案
推荐阅读
- c++ - string_view 指向另一个字符串
- typescript - 如何从 Typescript 更新 HTML 元素的属性(如颜色)
- azure - Azure AD 应用程序代理是否在 Windows Server 核心上?
- python - Python 猜谜游戏:5 次测验中的任何一次失败都会跳过所有剩下的测验并直接查看结果
- c - EBP、ESP 以及前一个 ESP 和当前 EBP 之间的区域如何通过 gcc 在调用堆栈上对齐?
- android - Android Studio 3.4.1 在地图示例中构建异常
- python - 如何使用 lamda 函数指定我的分组并将我需要的其他列保留在数据框中?
- angular - 根据调用组件的不同,Angular 组件可以有不同的形式吗?
- javascript - 在绑定文本之前添加空格 (knockout.js)
- javascript - JSON 数组联合