HTTPS请求仅向www子域发出问题 [英] Issue with HTTPS requests only to www subdomain
问题描述
我将Apache配置为提供HTTPS请求并将所有HTTP请求重定向到HTTPS。但是......
I configured Apache to serve HTTPS requests and redirect all HTTP requests to HTTPS. But...
- http:// example .com 的作品
- http://www.example.com 作品
- https://example.com 有效
- https://www.example.com 不起作用
- http://example.com works
- http://www.example.com works
- https://example.com works
- https://www.example.com does not work
https:// www .example.com ,Web浏览器只是挂起,Apache在日志中没有显示任何内容,没有错误,没有访问。我甚至不确定这是一个Apache问题,我有点迷失。任何提示?
For https://www.example.com, the web browser just hangs and Apache shows nothing in the logs, no errors, no accesses. I am not even sure this is an Apache issue, I am a bit lost. Any hints?
我的SSL证书有CN example.com
,我的Apache配置文件是:
My SSL certificate has CN example.com
and my Apache config file is:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot ...
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot ...
SSLEngine on
...
</VirtualHost>
推荐答案
Gandi的文档说:如果您要激活单地址证书,如果您使用裸域创建CSR(例如example.com),www子域名由CA自动添加,例如,example.com将保护example.com和www.example.com。反之亦然,如果您使用www子域创建CSR,则裸域也将是安全的。
我恰好生成了一个使用 www.example.com
作为公共名称,但无论文档说什么是自动的东西,我都确保在 .cnf <中包含alt名称我用于生成CSR的OpenSSL的/ code>:
I just happen to have generated one with www.example.com
as the Common Name but whatever the doc said with things being automatic I made sure to include alt names in the .cnf
for OpenSSL that I used to generate the CSR with:
[ req ]
default_md = sha256
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
prompt = no
string_mask = utf8only
distinguished_name = host_distinguished_name
req_extensions = host_extensions
[ host_distinguished_name ]
commonName = www.example.com
stateOrProvinceName = Somewhere
countryName = US
emailAddress = root@example.com
organizationName = ACME
[ host_extensions ]
subjectAltName = @alt-names
basicConstraints = CA:false
[ alt-names ]
DNS.1 = www.example.com
DNS.2 = example.com
在某些Debian上生成私钥和CSR with:
Generated the private key and CSR on some Debian with:
$ subject=www.example.com
$ openssl genrsa -out ${subject}.key 2048
$ openssl req -config ${subject}.cnf -new -key ${subject}.key -out ${subject}.csr
这篇关于HTTPS请求仅向www子域发出问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!