托管在Apache多个SSL证书 [英] hosting multiple SSL certs on apache
问题描述
我希望有人能够给我一个手与此有关。我有2个IP地址,我可以用它来做到这一点,需要承载同一个Apache服务器上的2个不同的安全(SSL)域。我读过,例如Apache 2.2.something的单个IP可以使用,使用某种加载,但我想保持这种尽可能简单,我愿意同时使用IP地址来完成这一任务。我已经为域2签名的证书。
I hope someone can give me a hand with this. I have 2 IPs that I can use to do this and need to host 2 different secure (SSL) domains on the same Apache server. I've read that as of Apache 2.2.something that a single IP can be used, using some sort of add-in but I want to keep this as simple as possible and am willing to use both IPs to accomplish this task. I already have the 2 signed certificates for the domains.
该设置,我在这里张贴,工作,但我遇到的问题是,当我去domain2.net,我收到一个浏览器警告,告诉我该证书不匹配的域名,但匹配domain1.com
This setup that I am posting here, works, but the issue I am having is that when I go to domain2.net, I receive a browser warning telling me that the cert does not match the domain but matches domain1.com
我使用的CentOS 5和Apache 2.2.3。 CentOS的拥有的ssl.conf文件,这些线是什么,我相信是给我找麻烦:
I'm using CentOS 5 and Apache 2.2.3. CentOS has a ssl.conf file and these lines are what I believe are giving me trouble:
SSLCertificateFile /etc/pki/tls/certs/domain1.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain1.com.key
我是IM pression,我可以覆盖在虚拟主机容器这些价值观,并引用我需要的密钥,但它不会出现这种方式下。当我在ssl.conf文件注释这两行了,Apache将无法重新启动。该ssl_log提示:了SSLCertificateKeyFile
这是我的虚容器:
<VirtualHost 2.2.2.2:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain2.net.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain2.net.key
DocumentRoot "/var/www/domain2"
ServerName domain2.net
ServerAlias domain2.net
DirectoryIndex "index.php"
<Directory /var/www/html/domain2>
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost 1.1.1.1:444>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/domain1.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/domain1.com.key
DocumentRoot "/var/www/html"
ServerName domain1.com
ServerAlias domain1.com
DirectoryIndex "index.php"
<Directory /var/www/html>
Options -Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
我怎样才能得到这两个领域使用SSL的工作?我也试着使用同一端口的不同的IP,但再次,Apache将无法重新启动。
How can I get these two domains to work using SSL? I've also tried to use the same port for the different IPs but again, Apache won't restart.
我真的失去了对这个所以,如果有人能伸出援助之手,我真的AP preciate它。
I'm truly lost on this so if someone could lend a hand, I'd really appreciate it.
推荐答案
问得好!
我是能够得到在同一台服务器上工作两个SSL证书。你应该能够做你正在尝试做的。
I was able to get two SSL certificates working on the same server. You should be able to do what you are trying to do.
在您的配置中脱颖而出,成为奇给我的东西:
The things in your configuration that stand out as odd to me:
-
我建议使用端口443为SSL保护的网站。你应该在阿帕奇的conf文件的特定指令某处侦听端口443对我来说是位于/etc/apache2/ports.conf
I'd suggest using port 443 for both SSL-protected sites. You should have a specific instruction in apache's conf files somewhere for listening on port 443. For me it is located in /etc/apache2/ports.conf
Listen 443
这似乎很奇怪,你有服务器名称和ServerAlias都为每个虚拟主机相同的域。尝试使ServerAlias不同或离开它:
It seems odd that you have ServerName and ServerAlias both using the same domain per virtual host. Try making the ServerAlias different or leaving it out:
ServerName domain1.com
ServerAlias www.domain1.com
我假设你更换你的IP和域的,发布的conf。即使他们是不是你正在使用的IP地址的实际,你可能要仔细检查,他们可以让你在正确的地方SSL之外(因为显然SSL不工作)。
I am assuming that you replaced your IPs and domains in your posted conf. Even if they are not the actual IPs you are using, you might want to double check that they can get you to the right place outside of SSL (since obviously SSL is not working).
检查apache2的错误日志的详细信息。对我来说,日志位于:/var/log/apache2/error.log。你可以设置它:
错误日志/var/log/apache2/error.log
Check the apache2 error log for more information. For me the log is located at: /var/log/apache2/error.log . You can set it with: ErrorLog /var/log/apache2/error.log
最后,供大家参考,这里是我的SSL默认(ssl.conf中)。我取代我的域名和IP地址与您在您的示例的conf使用的。我有多个子域与工作了NameVirtualHost,因为我有一个通配符证书:
And finally, for your reference here is my ssl-default (ssl.conf). I replaced my domains and IPs with the ones you used in your example conf. I have multiple subdomains working with NameVirtualHost since I have a wildcard cert:
<IfModule mod_ssl.c>
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
NameVirtualHost 1.1.1.1:443
NameVirtualHost 2.2.2.2:443
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# 1.1.1.1 = domain1.com
<VirtualHost 1.1.1.1:443>
ServerName www.domain1.com
ServerAdmin admin@domain1.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain1.key
SSLCertificateFile /var/www/ssl/wildcard.domain1.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
DocumentRoot /var/www/domain1/www.domain1.com/web
DirectoryIndex index.php index.html
</VirtualHost>
<VirtualHost 1.1.1.1:443>
ServerName secure.domain1.com
ServerAdmin admin@domain1.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain1.key
SSLCertificateFile /var/www/ssl/wildcard.domain1.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
DocumentRoot /var/www/domain1/secure.domain1.com/
DirectoryIndex index.php index.html
</VirtualHost>
# 2.2.2.2 = *.domain2.com
<VirtualHost 2.2.2.2:443>
ServerName admin.domain2.com
ServerAdmin admin@domain2.com
SSLEngine on
SSLCertificateKeyFile /var/www/ssl/domain2.key
SSLCertificateFile /var/www/ssl/domain2.crt
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ErrorLog /var/log/apache2/error.log
DocumentRoot /var/www/domain2/secure.domain2.com/web
DirectoryIndex index.php index.html
php_flag display_errors on
php_value error_reporting 7
</VirtualHost>
</IfModule>
我希望这有助于!
I hope this helps!!
这篇关于托管在Apache多个SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
