SSL issue with multiple virtual hosts on apache

I'm trying to renew the certificate for a second web service identified by a virtual host, call it “mysubdomain2.mydomain2.com”.

I've generated all the required files (mysubdomain2.crt mysubdomain2.mydomain.com.key ca.pem sub.class1.server.ca.pem).

Note that I recently successfully renewed the certificate for mysubdomain1.crt.

Here's the virtual host entry in apache:

<VirtualHost *:443>
  ServerName mysubdomain2.mydomain.com
  ServerAdmin myname@mycomp.com


   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

   SSLCertificateFile /disk2/certificates/ssl/mysubdomain2.crt
   SSLCertificateKeyFile /disk2/certificates/ssl/mysubdomain.mydomain.com.key
   SSLCertificateChainFile /disk2/certificates/ssl/sub.class1.server.ca.pem
   SSLCACertificateFile /disk2/certificates/startssl/ca.pem
   SSLOptions StrictRequire
   SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

   CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#</VirtualHost>

But when I restart apache, it shuts down with this error message:

“caught SIGTERM, shutting down
[Tue Jan 13 13:59:16 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 13 13:59:17 2015] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Jan 13 13:59:17 2015] [notice] Apache/2.2.16 (Ubuntu) PHP/5.3.3-1ubuntu9.5 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations

Additionally, from this link:

https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

it's clear that this installation of apache has SNI installed. It seems that apache should at least start, as these are supposed to be just warning messages.

The problem SNI is supposed to solve is that without it, the host name doesn't get communicated until after the SSL connection is established, meaning that apache doesn't know which certificate to use.

But, at this point, it's simply not starting at all. I'm thinking to try regenerating the certificate and key and pem files, but I was pretty careful doing that in the first place. I'd like to understand what the real problem is.

I must have done something wrong when decrypting the secret key. I tried it again, and everything was fine.
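
A pre-restart check that distinguishes a key file that cannot be loaded (still encrypted, truncated or corrupted during decryption) from one that loads but belongs to a different certificate. This is an added example, not part of the original post; `check_pair` and `make_samples` are hypothetical helper names, and the certificates and keys it generates are constructed throwaway material.

```shell
#!/bin/sh
# check_pair CERT KEY
#   0 = key loads without a passphrase and matches the certificate
#   1 = key loads but its public key differs from the certificate's
#   2 = key cannot be loaded (still encrypted, truncated, or corrupt)
#   3 = certificate cannot be parsed
check_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 3
    # "-passin pass:" supplies an empty passphrase, so an encrypted key
    # fails here instead of prompting, as it would at an unattended restart.
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: \
        2>/dev/null </dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 1
    return 0
}

# Constructed sample material: two self-signed certificates with their
# keys, plus a passphrase-protected copy of key "a".
make_samples() {
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$n.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
    done
    openssl pkey -in "$1/a.key" -aes256 -passout pass:constructed \
        -out "$1/a.enc.key" 2>/dev/null
}

# Demonstration on the constructed files.
tmp=$(mktemp -d) && make_samples "$tmp"
for key in a.key b.key a.enc.key; do
    rc=0
    check_pair "$tmp/a.crt" "$tmp/$key" || rc=$?
    echo "a.crt + $key -> $rc"
done
rm -rf "$tmp"
```

Run `check_pair` against the files named in `SSLCertificateFile` and `SSLCertificateKeyFile` before restarting; any non-zero result means mod_ssl will not be able to use that pair.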
