使用Godaddy安装SSL证书 [英] Installing an ssl certificate with godaddy
问题描述
所以根据: http://support.godaddy.com/help/article/5238/在Apache中安装SSL证书
在ssl.cof中为Apache 2.x编辑以下行:
There is the following line to edit in ssl.cof for Apache 2.x:
SSLCertificateChainFile/path/to/intermediate/bundle/file
SSLCertificateChainFile /path/to/intermediate/bundle/file
好吧,我在一个zip文件中收到了gd_bundle.crt和我的域的证书.但是,嘿,哪个是中间文件/捆绑文件/文件-可能是gd_bundle.crt还是来自其存储库的任何人:
Well, I received gd_bundle.crt and my domain's certificate in a zip file. But hey, which one is the intermediate/bundle/file - could it possibly be gd_bundle.crt or is it anyone from their repository:
https://certs.godaddy.com/anonymous/repository.seam
因为我已经用gd_bundle.crt填充了一行,所以我猜它是另一个文件,但是该存储库链接中的哪个?
Because I've already filled one line with gd_bundle.crt so my guess it is another file, but which one out of that repository link?
谢谢.
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/httpd/conf/gd_bundle.crt
这是要配置的四行,其中有两行肯定可以,但是另两行我不知道,特别是gd_bundle.crt到哪里去了,以及我缺少的那份证书(没有来)压缩文件中的所有内容,然后我一直走到存储库链接,我不知道该决定要下载哪个文件的应用程序.
This are the four lines to be configured out of which two for sure are ok but the other two I do not know, specially where does gd_bundle.crt go and which certificate is it that I'm missing that didn't come in the zip file and took me all the road up to the repository link in which I don't know on which file to decide to download an apply.
SSLCertificateFile /etc/httpd/conf/subgram.com.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCACertificateFile /etc/httpd/conf/gd_bundle.crt
推荐答案
我会回答您的问题,但是我想指出的方向是可以帮助您在将来获得更好帮助之前的方向.
I will answer your question, but I'd like to kindly point you in the direction that will help you get better assistance in the future before I do.
首先,有一个原因使您的问题没有引起足够的重视.询问方式不会从登机口获得答案. 1)这更多是关于服务器故障的问题,因为它与Web服务器管理相比,与编程无关,要做的更多. 2)您在标题中没有提到apache. 3)您提到了一家特定的公司Godaddy,诸如在Apache 2.x中安装SSL证书"之类的方法可能会更好,然后提及有关您的CA如何颁发证书的细节.这是一个非常常见的问题,很可能存在现有的线程,很明显您在问一个问题之前没有读过.这不仅超出了您的单个问题,而且将帮助您更好地回答以后遇到的每个单个问题.请参阅 http://www.catb.org/esr/faqs/smart-questions. html
First, there is a reason your question hasn't got much attention. It is asked in a way which is not going to get answers from the gate. 1) This is more of a question for serverfault, since it has to do more with web server administration than programming. 2) you didn't mention apache in the title. 3) You mention a specific company, Godaddy, something like "Installing an SSL certificate in Apache 2.x" would probably be better, and then mention the specifics about how your CA issues a certificate. This is a really common question, and there are probably existing threads which it is clear you didn't read before asking a question. This goes beyond your single problem, but will help you better answer every single question you have in the future a bit better. See http://www.catb.org/esr/faqs/smart-questions.html
这可能是阅读有关SSL证书如何工作以及如何在Apache中进行配置的一些文档的绝佳机会.
This is probably an excellent opportunity to read up on some documentation about how SSL certificates work, and how they are configured in Apache as well.
因为我已经用gd_bundle.crt填充了一行,所以我猜是 是另一个文件,但是该存储库链接中的哪个?
Because I've already filled one line with gd_bundle.crt so my guess it is another file, but which one out of that repository link?
这些链接都不包含证书链和根证书.
None of them, that link only contains the Certificate Chain and Root Certificates.
IBM并没有尝试描述什么是证书链文件,而是做了比我更好的工作.这是了解如何解决问题的第一步.
Rather than try to describe what a Certificate Chain file is, IBM has done a much better job than I. This is step #1 in understanding how to solve your problem:
When you receive the certificate for another entity, you might need to use a certificate chain to obtain the root CA certificate. The certificate chain, also known as the certification path, is a list of certificates used to authenticate an entity. The chain, or path, begins with the certificate of that entity, and each certificate in the chain is signed by the entity identified by the next certificate in the chain. The chain terminates with a root CA certificate. The root CA certificate is always signed by the CA itself. The signatures of all certificates in the chain must be verified until the root CA certificate is reached.
基本上,这意味着证书链文件是您需要的,以便正确验证证书. .crt文件指示它在一个文件或它们的某种组合中包含公用,专用和根证书文件.
This means basically, that the Certificate Chain file is what you will need in order for your certificate to be properly verified. A .crt file indicates it contains public, private, and root certificate files in one file, or some combination thereof.
第2步
.pem文件通常仅意味着一个公共证书,这是您将用于SSLCertificateFile的文件.仅在其中存在多个证书的情况下,使用.crt命名该文件才是正确的规范,如果从CA获得证书,则很可能没有.您提到您收到了来自Godaddy的一些文件,其中一个就是该文件.
A .pem file usually means just one public certificate, this is the file you will use for SSLCertificateFile. Naming this file with .crt is only canonically correct if theres more than one cert in there, which most likely there is not if you are getting a cert from your CA. You mentioned you received some files from Godaddy, one of them is going to be this file.
第3步
SSLCertificateKeyFile将是一个私钥文件,该证书是在颁发证书的过程中/之后的某个时候提供的.我无法确切地说出Godaddy的流程,我只能描述流程的基本原理,而且每个CA在颁发证书的方式上都是不同的.不要忘记为此证书设置适当的权限(实际上,如果此文件未设置为600权限,我认为Apache将无法启动).
SSLCertificateKeyFile will be a private key file that was provided at some point after / during your certificate was issued. I can't say exactly what Godaddy's process, I can only describe the fundamentals of the process, and each CA is different in how they issue certificates. Don't forget to set the proper permissions on this certificate (in fact I think Apache will fail to start if this file is not set to 600 permissions).
这应该为您提供足够的信息以继续运行.涉及到Godaddy的SSL发行过程的任何其他问题,对于Godaddy的支持,不仅仅是StackOverflow/ServerFault.
This should give you enough information to go on to get up and running. Anything else that involves navigating Godaddy's SSL issuance process is a question more for Godaddy support than StackOverflow / ServerFault.
祝你好运.
这篇关于使用Godaddy安装SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
