堆栈内存溢出
  繁体   English   中英

Apache上特定URL上的SSL证书

[英]SSL Certificate at a specific URL on Apache

 原文  2017-03-10 12:08:25       apache/ ssl/ ssl-certificate

问题描述

是否可以为域内的特定URL配置SSL证书密钥文件(双向)?

是的,使用mod_rewrite 但我确实需要保留请求的域和URL。

当前domain.com.conf配置: 

<VirtualHost domain.com:443>
    ServerAdmin name@domain.com
    SSLEngine on
    SSLCertificateFile    /usr/local/apache2/conf/server.cer
    SSLCertificateKeyFile /usr/local/apache2/conf/server.key

    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLCACertificateFile /usr/local/apache2/conf/ca.cer

    <location />
        Order allow,deny
        allow from all
        SSLRequire (%{SSL_CLIENT_S_DN_CN} eq "clientcn")
    </location>

    DocumentRoot /usr/local/apache2/htdocs/
    <Directory "/usr/local/apache2/htdocs">
        Options FollowSymLinks
        AllowOverride None
        allow from all
    </Directory>

    LogLevel warn
    ErrorLog /usr/local/apache2/conf/logs/error.log
    CustomLog /usr/local/apache2/conf/logs/ssl_access.log combined

    BrowserMatch ".*MSIE.*"\
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
</VirtualHost>

1 个解决方案

解决方案1
 2 已采纳  2017-03-10 15:41:54

不行, 这是不可能的

SSL握手在任何路由/端点分派发生之前在服务器级别进行。 直到成功进行TLS协商之后,才考虑HTTP标头中的完整URL。

例如,在该URL上使用curl可以查看它首先连接到主机,然后,并且仅当形成了可信连接时,它才会通过URI干。 

curl -vI https://stackoverflow.com/questions/42718090/ssl-certificate-at-a-specific-url-on-apache

 * Trying 151.101.193.69... * Connected to stackoverflow.com (151.101.193.69) port 443 (#0) * found 173 certificates in /etc/ssl/certs/ca-certificates.crt * found 714 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * common name: *.stackexchange.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: C=US,ST=NY,L=New York,O=Stack Exchange\\, Inc.,CN=*.stackexchange.com * start date: Sat, 21 May 2016 00:00:00 GMT * expire date: Wed, 14 Aug 2019 12:00:00 GMT * issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 High Assurance Server CA * compression: NULL * ALPN, server accepted to use http/1.1 > HEAD /questions/42718090/ssl-certificate-at-a-specific-url-on-apache HTTP/1.1 > Host: stackoverflow.com > User-Agent: curl/7.47.0 > Accept: */*

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 永久将任何URL(无论是https还是http)重定向到ssl证书适用于apache的特定https URL Apache SSL请求证书 Apache SSL证书 安装ssl证书apache 续订Apache SSL证书 Apache中无效的SSL证书 apache错误的ssl证书 SSL证书安装apache 2无法正常工作 使用现有证书的Apache中的错误SSL apache CentOS上的COMODO SSL证书
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM