apache的证书文件-crt,pem,key,p7b…我迷路了
[英]certificate files for apache - crt,pem,key,p7b … i am lost
问题描述
i have a Question about the certificate files and how to get a site to run on SSL. 
我对证书文件以及如何使站点在SSL上运行有疑问。 Apache is running and SSL is built in. i am past the SSLSessionCache warning and here i am - every time the same problem - i get a mail with some files and i do not know which file is what. Apache正在运行,并且内置了SSL。我已经过了SSLSessionCache警告,在这里-每当遇到相同问题时,我都会收到包含某些文件的邮件,但我不知道哪个文件是什么。
I have a .key, .pem and a .p7b file and i have the VirtualHost config - how do i know which file is what? 我有一个.key,.pem和.p7b文件,并且我具有VirtualHost配置-如何知道哪个文件是什么?
- SSLCertificateFile ? SSLCertificateFile?
- SSLCertificateKeyFile <-- .key (i think) SSLCertificateKeyFile <-.key(我认为)
- SSLCertificateChainFile ? SSLCertificateChainFile吗?
and do i need to convert a file with openssl? 我需要使用openssl转换文件吗?
This Server is an internal Server and the certificate was issued in our company. 该服务器是内部服务器,证书由我们公司颁发。
1 个解决方案
解决方案1
2 2016-01-26 09:39:56
the certificate was issued in our company.
Any reason to not ask whoever issued the certificate the meaning of each file? 是否有理由不问颁发证书的人每个文件的含义?
Apache requires the key and the certificate to be PEM-encoded. Apache要求对密钥和证书进行PEM编码。 You can use this tool or OpenSSL to convert the . 您可以使用此工具或OpenSSL转换。 p7b to PEM. p7b至PEM。
It's hard to know what's inside the .pem and .key file without looking at the content. 不查看内容就很难知道.pem和.key文件中的内容。 You can try to use the following OpenSSL commands to check which one does not fail: 您可以尝试使用以下OpenSSL命令来检查哪些不会失败:
# if it works, it's a CSR
openssl req -in file.pem -noout -text
# if it works, it's a certificate
openssl x509 -in file.pem -noout -text
# if it works, it's a private key
openssl rsa -in file.pem -noout -text
The chain file it's easier to spot, because it will contain several PEM-encoded certificates listed one after the other. 链文件更容易发现,因为它将包含几个PEM编码的证书,一个接一个地列出。
Depending on the Apache version, you may or may not need the SSLCertificateChainFile directive. 根据Apache版本的不同,您可能需要SSLCertificateChainFile指令,也可能不需要。 Newer versions require you to bundle the chain and the server certificate in a single file and pass it to SSLCertificateFile . 较新的版本要求您将链和服务器证书捆绑在一个文件中,然后将其传递给SSLCertificateFile 。 Check your Apache version and compare it with the online documentation. 检查您的Apache版本,并将其与在线文档进行比较。
Assuming it's an old version: 假设它是旧版本:
-
SSLCertificateFilepoints to the server certificate fileSSLCertificateFile指向服务器证书文件 -
SSLCertificateChainFilepoints to the intermediate certificate (if it's self-signed, you don't have them)SSLCertificateChainFile指向中间证书(如果它是自签名的,则没有它们) -
SSLCertificateKeyFilepoints to the keySSLCertificateKeyFile指向密钥
If it's a newer version, ignore SSLCertificateChainFile and concatenate the server plus the chain (if any) in a single file you supply to SSLCertificateFile . 如果是较新的版本,请忽略SSLCertificateChainFile并将服务器和链(如果有的话)串联在提供给SSLCertificateFile的单个文件中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.