HTTPS请求仅向www子域发出问题 [英] Issue with HTTPS requests only to www subdomain

问题描述

我将Apache配置为提供HTTPS请求并将所有HTTP请求重定向到HTTPS。但是......

I configured Apache to serve HTTPS requests and redirect all HTTP requests to HTTPS. But...

• http：// example .com 的作品


• http://www.example.com 作品


• https://example.com 有效


• https://www.example.com 不起作用

• http://example.com works
• http://www.example.com works
• https://example.com works
• https://www.example.com does not work

https：// www .example.com ，Web浏览器只是挂起，Apache在日志中没有显示任何内容，没有错误，没有访问。我甚至不确定这是一个Apache问题，我有点迷失。任何提示？

For https://www.example.com, the web browser just hangs and Apache shows nothing in the logs, no errors, no accesses. I am not even sure this is an Apache issue, I am a bit lost. Any hints?

我的SSL证书有CN example.com ，我的Apache配置文件是：

My SSL certificate has CN example.com and my Apache config file is:

<VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot ...
        Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost _default_:443>
        ServerName example.com
        ServerAlias www.example.com

        DocumentRoot ...    
        SSLEngine on
        ...    
</VirtualHost>

推荐答案

Gandi的文档说：如果您要激活单地址证书，如果您使用裸域创建CSR（例如example.com），www子域名由CA自动添加，例如，example.com将保护example.com和www.example.com。反之亦然，如果您使用www子域创建CSR，则裸域也将是安全的。

我恰好生成了一个使用 www.example.com 作为公共名称，但无论文档说什么是自动的东西，我都确保在 .cnf <中包含alt名称我用于生成CSR的OpenSSL的/ code>：

I just happen to have generated one with www.example.com as the Common Name but whatever the doc said with things being automatic I made sure to include alt names in the .cnf for OpenSSL that I used to generate the CSR with:

[ req ]
default_md = sha256
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
prompt = no
string_mask = utf8only
distinguished_name = host_distinguished_name
req_extensions = host_extensions

[ host_distinguished_name ]
commonName = www.example.com
stateOrProvinceName = Somewhere
countryName = US
emailAddress = root@example.com
organizationName = ACME

[ host_extensions ]
subjectAltName = @alt-names
basicConstraints = CA:false

[ alt-names ]
DNS.1 = www.example.com
DNS.2 = example.com

在某些Debian上生成私钥和CSR with：

Generated the private key and CSR on some Debian with:

$ subject=www.example.com
$ openssl genrsa -out ${subject}.key 2048
$ openssl req -config ${subject}.cnf -new -key ${subject}.key -out ${subject}.csr

这篇关于HTTPS请求仅向www子域发出问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！