SSL on Apache HTTP Server


Question

I have 2 crt files for Apache server:

  • 1_root_bundle.crt
  • 2_my_domain_name.com.crt

And another bundle:

  • 1_Intermediate.crt
  • 2_my_domain_name.com.crt
  • root.crt

I have modified

/etc/apache2/sites-available/default-ssl.conf 

And tried various combinations of above mentioned files but after Apache2 service restart SSL does not work, browser shows "Connection is not secure":

SSLEngine on
SSLCertificateFile      /etc/apache2/ssl/1_Intermediate.crt
SSLCertificateKeyFile   /etc/apache2/ssl/2_my_domain_name.com.crt
SSLCertificateChainFile /etc/apache2/ssl/root.crt

How to make SSL on Apache server?

Recommended answer

It is missing the key file with your certificate private key. Usually it has the .key extension like 2_my_domain_name.com.key and the file content starts with -----BEGIN PRIVATE KEY-----

Your configuration should look like this:

SSLEngine on
SSLCertificateFile      /etc/apache2/ssl/2_my_domain_name.com.crt
SSLCertificateKeyFile   /etc/apache2/ssl/2_my_domain_name.com.key
SSLCertificateChainFile /etc/apache2/ssl/1_root_bundle.crt

The SSLCertificateChainFile points to an all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate.

So ensure that 1_root_bundle.crt contains 1_Intermediate.crt content and is in PEM format (base64 with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- headers).

If you use apache >= 2.4.8 you could also concatenate all certificates in the file pointed at SSLCertificateFile

SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file.
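
The mistake diagnosed in the answer above (SSLCertificateKeyFile pointing at a certificate) can be caught before restarting Apache by comparing each directive with the PEM labels in the file it names. This is an added example, not part of the original question or answer; `check_ssl_directives` and the sample names are hypothetical, and the file contents are constructed placeholders keyed by the paths from the page.

```python
import re
from pathlib import Path

# A PEM header looks like "-----BEGIN CERTIFICATE-----"; capture the label.
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)
DIRECTIVE = re.compile(r"^\s*(SSLCertificate(?:Key|Chain)?File)\s+(\S+)", re.M)

def check_ssl_directives(conf_text, read=lambda p: Path(p).read_text(errors="replace")):
    """Compare each SSL file directive with the PEM labels found in its file."""
    problems = []
    # Simplification: if a directive is repeated, only its last path is checked.
    for name, path in dict(DIRECTIVE.findall(conf_text)).items():
        try:
            labels = PEM_BEGIN.findall(read(path))
        except (OSError, KeyError):
            problems.append(f"{name}: cannot read {path}")
            continue
        if not labels:
            problems.append(f"{name}: {path} has no PEM blocks")
        elif name == "SSLCertificateKeyFile":
            if not any(lab.endswith("PRIVATE KEY") for lab in labels):
                problems.append(f"{name}: {path} holds a {labels[0]}, not a private key")
        elif name == "SSLCertificateChainFile":
            if set(labels) != {"CERTIFICATE"}:
                problems.append(f"{name}: {path} must hold only certificates")
        elif labels[0] != "CERTIFICATE":
            problems.append(f"{name}: {path} does not start with a certificate")
    return problems

# Constructed stand-ins for the files named on the page; only the labels matter.
CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
KEY = "-----BEGIN PRIVATE KEY-----\n(constructed)\n-----END PRIVATE KEY-----\n"
D = "/etc/apache2/ssl/"
SAMPLE_FILES = {D + "1_Intermediate.crt": CERT, D + "root.crt": CERT,
                D + "2_my_domain_name.com.crt": CERT,
                D + "2_my_domain_name.com.key": KEY,
                D + "1_root_bundle.crt": CERT + CERT}
ASKER_CONF = f"""SSLEngine on
SSLCertificateFile      {D}1_Intermediate.crt
SSLCertificateKeyFile   {D}2_my_domain_name.com.crt
SSLCertificateChainFile {D}root.crt"""
FIXED_CONF = f"""SSLEngine on
SSLCertificateFile      {D}2_my_domain_name.com.crt
SSLCertificateKeyFile   {D}2_my_domain_name.com.key
SSLCertificateChainFile {D}1_root_bundle.crt"""

if __name__ == "__main__":
    for conf in (ASKER_CONF, FIXED_CONF):
        print(check_ssl_directives(conf, SAMPLE_FILES.__getitem__) or "labels consistent")
```

The label check cannot tell a leaf certificate from an intermediate or confirm that the key matches the certificate, which is why the asker's SSLCertificateFile line passes here; those checks need the X.509 contents parsed, for example with openssl.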
