
How do I generate an SSL Certificate with Microsoft Certificate Services and then install / configure it to work with Apache?

I've generated a certificate request, submitted it to the Microsoft Certificate Services program. It issues the certificate. I downloaded it to conf/ssl/server.cert

I configured it in Apache using

SSLCertificateFile conf/ssl/server.cert
SSLCertificateKeyFile conf/ssl/server.key

When I start the server with this config I get

Secure Connection Failed An error occurred during a connection to 192.168.1.100.

Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type) The page you are trying to view can not be shown because the authenticity of the received data could not be verified.

  • Please contact the web site owners to inform them of this problem.

If I download the CA Certificate and install it with

SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
SSLCACertificateFile conf/ssl/cacert.crt

The server fails to start.

It works fine if I generate a self-signed certificate and install it, but I need it to come from Microsoft Certificate Services so it won't warn internal users about the certificate.

Sounds like your cert isn't allowed to be used for a server. IIRC, you can view the certificate in a browser and look for Usage or some such language, and it should say SSL Server (possibly among other things).

You need to make sure that the issued certificate has "Server Authentication" specified as one of the permitted uses in the extended key usage extension. The easiest way to do this (and only way on Win2k3 Standard) is to use the Web Server certificate template.

You need to use the Certificate Services MMC snap-in to add this certificate template to the list of those allowed, and then need to configure permissions so the appropriate user(s) can request certificates.
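The check described in the answers above can be run from the command line before Apache is pointed at the issued file. This is an added example, not part of the original thread: it assumes the openssl CLI is installed, the function names are hypothetical, and the two sample certificates are constructed throwaway self-signed ones (one with only Client Authentication, one with Server Authentication).

```shell
#!/bin/sh
# Added example (not from the original thread). Requires the openssl CLI.

# Return 0 if OpenSSL's purpose check accepts the cert as an SSL/TLS server cert.
cert_allows_server_auth() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null | grep -q '^SSL server : Yes'
}

# Print the Extended Key Usage values of a certificate, if the extension exists.
show_eku() {
    eku=$(openssl x509 -in "$1" -noout -text |
          grep -A1 'X509v3 Extended Key Usage' | tail -n 1 | sed 's/^ *//')
    if [ -n "$eku" ]; then echo "$eku"; else echo "(no EKU extension)"; fi
}

# Constructed sample: throwaway self-signed cert named $1 with EKU $2.
make_sample_cert() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = intranet.example.test
[ext]
extendedKeyUsage = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -extensions ext -keyout "$dir/$1.key" -out "$dir/$1.crt" 2>/dev/null || return 1
    echo "$dir/$1.crt"
}

# With no arguments, demonstrate on two constructed certificates.
if [ "$#" -eq 0 ]; then
    set -- "$(make_sample_cert client_only clientAuth)" \
           "$(make_sample_cert web_server serverAuth)"
fi
for crt in "$@"; do
    if cert_allows_server_auth "$crt"; then verdict="usable for Apache SSL"
    else verdict="REJECTED for server use"; fi
    printf '%s: EKU=[%s] -> %s\n' "$crt" "$(show_eku "$crt")" "$verdict"
done
```

Passing a real file as the argument (for example the certificate downloaded from Certificate Services) runs the same check on it instead of the constructed samples.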

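Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you republish them, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.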

 