[英]Permanently redirect any url whether https or http to specific https url for which ssl certificate applies with apache
[英]SSL Certificate at a specific URL on Apache
是否可以为域内的特定URL配置SSL证书密钥文件(双向)?
是的,使用mod_rewrite
。 但我确实需要保留请求的域和URL。
当前domain.com.conf
配置:
<VirtualHost domain.com:443>
ServerAdmin name@domain.com
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/server.cer
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
SSLVerifyClient require
SSLVerifyDepth 10
SSLCACertificateFile /usr/local/apache2/conf/ca.cer
<location />
Order allow,deny
allow from all
SSLRequire (%{SSL_CLIENT_S_DN_CN} eq "clientcn")
</location>
DocumentRoot /usr/local/apache2/htdocs/
<Directory "/usr/local/apache2/htdocs">
Options FollowSymLinks
AllowOverride None
allow from all
</Directory>
LogLevel warn
ErrorLog /usr/local/apache2/conf/logs/error.log
CustomLog /usr/local/apache2/conf/logs/ssl_access.log combined
BrowserMatch ".*MSIE.*"\
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
不行, 这是不可能的 。
SSL握手在任何路由/端点分派发生之前在服务器级别进行。 直到成功进行TLS协商之后,才考虑HTTP标头中的完整URL。
例如,在该URL上使用curl可以查看它首先连接到主机,然后,并且仅当形成了可信连接时,它才会通过URI干。
curl -vI https://stackoverflow.com/questions/42718090/ssl-certificate-at-a-specific-url-on-apache
* Trying 151.101.193.69... * Connected to stackoverflow.com (151.101.193.69) port 443 (#0) * found 173 certificates in /etc/ssl/certs/ca-certificates.crt * found 714 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * common name: *.stackexchange.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: C=US,ST=NY,L=New York,O=Stack Exchange\\, Inc.,CN=*.stackexchange.com * start date: Sat, 21 May 2016 00:00:00 GMT * expire date: Wed, 14 Aug 2019 12:00:00 GMT * issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert SHA2 High Assurance Server CA * compression: NULL * ALPN, server accepted to use http/1.1 > HEAD /questions/42718090/ssl-certificate-at-a-specific-url-on-apache HTTP/1.1 > Host: stackoverflow.com > User-Agent: curl/7.47.0 > Accept: */*
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.