[英]Can`t install Comodo SSL certificate on Centos7 apache2
I have bought Comodo PositiveSSL. 我已经购买了Comodo PositiveSSL。 Now I have certificate.key and zip-archive which is contains 4 files. 现在我有certificate.key和zip-archive,其中包含4个文件。
AddTrustExternalCARoot.crt,
COMODORSADomainValidationSecureServerCA.crt,
COMODORSAAddTrustCA.crt,
my_domain_ru.crt
Firstly I`ve read that I have to join this files into one mySite.ca-build. 首先,我读到我必须将这些文件加入一个mySite.ca-build。
cat my_site_ru.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mySite.ca-bundle
Secondly I saved there files into /usr/local/ssl/my_site/. 其次,我将那里的文件保存到/ usr / local / ssl / my_site /中。
then I go to 然后我去
/etc/httpd/conf.d/my_site_ru.conf /etc/httpd/conf.d/my_site_ru.conf
and added this 并添加了这个
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
but after 但是之后
systemctl restart httpd
i got an error 我有一个错误
Bad Request Your browser sent a request that this server could not understand. 错误的请求您的浏览器发送了此服务器无法理解的请求。 Reason: You're speaking plain HTTP to an SSL-enabled server port. 原因:您正在对启用SSL的服务器端口使用纯HTTP。 Instead use the HTTPS scheme to access this URL, please. 请改用HTTPS方案访问此URL。
if I try to open my site with https://my_domain.ru I see next 如果我尝试使用https://my_domain.ru打开我的网站,我会看到下一个
Connection is not secure 连接不安全
You have a turned on SSL configuration on port 80, where are expected non-ssl config. 您已在端口80上打开了SSL配置,该端口应为非SSL配置。
You have to have two apache configs: one for port 80
, where you will have no SSL directives and another one for port 443
, where you will have SSL turned on. 您必须具有两个apache配置:一个用于端口80
,您将没有SSL指令,另一个用于端口443
,您将在其中打开SSL。
Simple example: 简单的例子:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.