Apache HTTP服务器上的SSL [英] SSL on Apache HTTP Server
问题描述
我有2个crt文件用于Apache服务器:
I have 2 crt files for Apache server:
- 1_root_bundle.crt
- 2_my_domain_name.com.crt
和其他捆绑包:
- 1_Intermediate.crt
- 2_my_domain_name.com.crt
- root.crt
我已经修改
/etc/apache2/sites-available/default-ssl.conf
并尝试了上述文件的各种组合,但是在Apache2服务重启后SSL无法正常工作,浏览器显示连接不安全":
And tried various combinations of above mentioned files but after Apache2 service restart SSL does not work, browser shows "Connection is not secure":
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/1_Intermediate.crt
SSLCertificateKeyFile /etc/apache2/ssl/2_my_domain_name.com.crt
SSLCertificateChainFile /etc/apache2/ssl/root.crt
如何在Apache服务器上制作SSL?
How to make SSL on Apache server?
推荐答案
它缺少带有证书私钥的密钥文件.通常,它具有 .key
扩展名,例如 2_my_domain_name.com.key
,文件内容以 ----- BEGIN PRIVATE KEY -----
It is missing the key file with your certificate private key. Usually it has the .key
extension like 2_my_domain_name.com.key
and the file content starts with -----BEGIN PRIVATE KEY-----
您的配置应如下所示
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/2_my_domain_name.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/2_my_domain_name.com.key
SSLCertificateChainFile /etc/apache2/ssl/1_root_bundle.crt
SSLCertificateChainFile指向一个多文件,您可以在其中组合构成服务器证书的证书链的证书颁发机构(CA)的证书.
The SSLCertificateChainFile points to a all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate.
因此,请确保 1_root_bundle.crt
包含 1_Intermediate.crt
内容并采用PEM格式(带有的base64 --- BEGIN CERTIFICATE --- ----END CERTIFICATE ---
标头)
So ensure that 1_root_bundle.crt
contains 1_Intermediate.crt
content and is in PEM format (base64 with --- BEGIN CERTIFICATE --- ----END CERTIFICATE---
headers)
如果使用apache> = 2.4.8,您还可以将指向 SSLCertificateFile
If you use apache >= 2.4.8 you could also concatenate all certificates in the file pointed at SSLCertificateFile
当扩展SSLCertificateFile以便从服务器证书文件中加载中间CA证书时,SSLCertificateChainFile在2.4.8版本中已过时.
SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.
这篇关于Apache HTTP服务器上的SSL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!