Apache HTTPS重定向证书错误 [英] Apache HTTPS redirection certificate error

问题描述

我们有两个域(gis4business.co.uk和gis4business.com)指向使用apache托管的同一网站.我们正在整个网站上使用SSL，并为* .gis4business.co.uk提供了通配符SSL证书.

We have two domains (gis4business.co.uk and gis4business.com) that point to the same website hosted using apache. We are using SSL for the entire site and have a wildcard SSL certificate for *.gis4business.co.uk.

默认的apache conf文件(000-default.conf)具有配置为从http重定向到https的单个虚拟主机，如下所示:

The default apache conf file (000-default.conf) has a single virtual host configured to redirect from http to https as follows:

<VirtualHost *:80>
   ...
   Redirect permanent "/" "https://www.gis4business.co.uk/"
</VirtualHost>

然后，我们有一个默认的SSL配置文件(default-ssl.conf)，该文件具有一个配置如下的虚拟主机:

Then we have a default SSL config file (default-ssl.conf) that has single a virtual host configured as follows:

<VirtualHost _default_:443>
    ServerName gis4business.co.uk
    ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
    ...
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatekey.key
    SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt
</VirtualHost>

对于以下网址，此配置可以正常工作:

This configuration is working as expected for the following urls:

• http://www.gis4business.co.uk
• http://www.gis4business.com
• https://www.gis4business.co.uk

• http://www.gis4business.co.uk
• http://www.gis4business.com
• https://www.gis4business.co.uk

但是，URL https://www.gis4business.com 会导致证书警告(在SSL_ERROR_BAD_CERT_DOMAIN中Firefox和chrome中的ERR_CERT_COMMON_NAME_INVALID).

However, the url https://www.gis4business.com results in a certificate warning (SSL_ERROR_BAD_CERT_DOMAIN in firefox and ERR_CERT_COMMON_NAME_INVALID in chrome).

很明显，它抱怨SSL证书与域(gis4business.com)不匹配，因此我假设我们需要从gis4business.com到gis4business.co.uk的HTTPS重定向.我们已经尝试了各种配置，但没有设法使重定向工作.

Its obviously complaining about the SSL certificate not matching the domain (gis4business.com), so I assume we need an HTTPS redirect from gis4business.com to gis4business.co.uk. We have experimented with various configurations and haven't managed to get a redirect working.

我们尝试过:

1)如下所示将另一个虚拟主机(*:443)添加到000-default.conf文件的顶部:

1) Adding another virtual host (*:443) to the top of the 000-default.conf file as follows:

<VirtualHost *:443> 
    ServerName gis4business.co.uk
    ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
    Redirect permanent "/" "https://www.gis4business.co.uk/"
    ...
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatekey.key
    SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt 
</VirtualHost>

2)如下所示，将另一个虚拟主机( default :443)添加到default-ssl.conf文件的顶部:

2) Adding another virtual host (default:443) to the top of the default-ssl.conf file as follows:

<VirtualHost _default_:443>
    ServerName gis4business.co.uk
    ServerAlias *.gis4business.co.uk www.gis4business.co.uk *gis4business.com www.gis4business.com gis4business.com
    Redirect permanent "/" "https://www.gis4business.co.uk/"
    ...
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/privatekey.key
    SSLCertificateChainFile /etc/ssl/certs/ca_certificate.crt
</VirtualHost>

如果可以将https从一个域重定向到另一个域而没有证书错误，那么什么是正确的配置才能使它起作用?

If redirection of https from one domain to another is possible without certificate errors, then what is the correct configuration to make it work?

推荐答案

让我们看看重定向指令有效

Redirect指令通过要求客户端在新位置重新获取资源来将旧的URL映射到新的URL.

The Redirect directive maps an old URL into a new one by asking the client to refetch the resource at the new location.

第一个请求由apache处理，生成一个30x响应以自动将浏览器重定向到新URL

The first request is processed by apache generating a 30x response to automatically redirect browser to the new URL

           browser                       SERVER             SSL  cert
https://www.gis4business.com       -->  redirect     *.gis4business.co.uk
           302-redirect            <-- 
https://www.gis4business.co.uk/    -->  process      *.gis4business.co.uk

第一个请求是使用发给*.gis4business.co.uk的证书从https://www.gis4business.com提供的，因此因此被视为无效

The first request is served from https://www.gis4business.com using a certificate issued to *.gis4business.co.uk, so it is considered invalid consequently

要修复此问题，您需要使用颁发给www.gis4business.com或*.gis4business.com的证书.定义新的虚拟主机或使用两个主机名请求新的证书.

To fix it you need to use a certificate issued to www.gis4business.com or *.gis4business.com. Define a new virtual host or request a new certificate with both hostnames.

这篇关于Apache HTTPS重定向证书错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！