如何綁定具有crt文件的SSL證書
[英]How to bind SSL certificate having crt file
問題描述
我正在網站上安裝SSL證書,但嘗試按照以下步驟操作,但網站仍無法在https中正常工作,並且仍在http上工作
我已經在下面綁定了我的crt文件
<VirtualHost _default_:443>
DocumentRoot /var/www/http
ServerName my_domain.com
SSLEngine on
SSLCertificateFile /path/to/coolexample.crt
SSLCertificateKeyFile /path/to/privatekey.key
SSLCertificateChainFile /path/to/intermediate.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
鍵入此命令apache2ctl configtest它顯示語法OK
但是鍵入最后一個命令后apache2ctl restart它顯示以下錯誤消息
httpd未運行,正在嘗試啟動
(13)權限被拒絕:AH00072:make_sock:無法綁定到地址[::]:80
(13)權限被拒絕:AH00072:make_sock:無法綁定到地址0.0.0.0:80
沒有可用的偵聽套接字,正在關閉
AH00015:無法打開日志
動作“重新啟動”失敗。
Apache錯誤日志可能包含更多信息。
1 個解決方案
解決方案1
0 2019-08-10 10:46:13
要激活SSL加密,您需要為端口443額外安裝一個VirtualHost。通常在Apache/conf/extra/httpd-ssl.conf (平台依賴)中完成此操作。
在這樣的文件中,您需要輸入類似(Windows示例)的條目:
<VirtualHost *:443>
DocumentRoot "C:/webserver/html/my_html"
ServerName www.example.com
Protocols h2 http/1.1
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:SEED-SHA:DHE-RSA-SEED-SHA:!DSS
SSLHonorCipherOrder on
SSLCompression off
SSLCertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/portal.digipen.de-crt.pem"
SSLCertificateKeyFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/portal.digipen.de-key.pem"
SSLCACertificateFile "C:/ProgramData/letsencrypt-win-simple/httpsacme-v01.api.letsencrypt.org/ca-portal.digipen.de-crt.pem"
<IfModule headers_module>
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
Header always set x-frame-options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set X-XSS-Protection "1; mode=block"
</IfModule>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLProxyEngine on
EnableSendfile off
EnableMMAP off
</VirtualHost>
SSL:無法加載CA證書文件/etc/pki/tls/certs/ca-bundle.crt
[英]SSL: can't load CA certificate file /etc/pki/tls/certs/ca-bundle.crt
我可以僅從SSLCertificateKeyFile.key和SSLCertificateFile.crt文件創建ssl證書鏈嗎?
[英]Can I create ssl certificate chain from only SSLCertificateKeyFile.key and SSLCertificateFile.crt files?
您如何避免必須為托管域擁有第二個SSL證書?
[英]How do you negate having to have a second SSL certificate for a parked domain?
用於更新 ssl.conf 中 ssl 證書文件的路徑的 Bash 腳本
[英]Bash script to update path to ssl certificate file in ssl.conf
對於 Apache SSL 證書,我是否需要將 .CER 轉換為 .CRT? 如果是這樣,如何?
[英]Do I need to convert .CER to .CRT for Apache SSL certificates? If so, how?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
SSL-如何正確創建鏈接的CRT文件?
SSL:無法加載CA證書文件/etc/pki/tls/certs/ca-bundle.crt
我可以僅從SSLCertificateKeyFile.key和SSLCertificateFile.crt文件創建ssl證書鏈嗎?
您如何避免必須為托管域擁有第二個SSL證書?
Apache2 SSL證書文件問題
用於更新 ssl.conf 中 ssl 證書文件的路徑的 Bash 腳本
對於 Apache SSL 證書,我是否需要將 .CER 轉換為 .CRT? 如果是這樣,如何?
如何從SSL證書創建私鑰?
如何使用 Apache 和 Nginx 安裝 ssl 證書
如何在ubuntu的apache服務器中安裝SSL證書
相關標簽