在AWS EC2我的Apache服务器上无法安装SSL密钥 [英] Cannot setup SSL keys on my apache server in AWS EC2
问题描述
我对AWS EC2实例,与Apache服务器。
I have an EC2 instance on AWS, with Apache server.
我购买了从Comodo SSL证书,并安装了以下文件在/ etc / PKI / TLS /私营/: server.ca束server.crt server.key
I purchased an SSL certificate from Comodo and installed the following files in /etc/pki/tls/private/: server.ca-bundle server.crt server.key
我还添加了以下几行/etc/httpd/conf/httpd.conf中:
I also added the following lines to /etc/httpd/conf/httpd.conf:
<VirtualHost www.mydomain.com:443>
ServerName www.mydomain.com
DocumentRoot "/var/www/html"
SSLENGINE on
SSLCertificateFile /etc/pki/tls/private/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
SSLCertificateChainFile /etc/pki/tls/private/server.ca-bundle
</VirtualHost>
和重新启动HTTP服务器。
and restarted the http server.
但是,试图通过 https://www.mydomain.com 访问我的网站时,有一个证书错误警告(但是如果我继续通过警告,该网站的显示效果)。
But when trying to access my site through https://www.mydomain.com there is a certificate error warning (but if I continue through the warning, the site shows well).
我检查了ssltool.com,得到: 测试www.mydomain.com本网站不一样的主题CN的IP-10-203-65-225! 不用说,关键文件的创建与我的域名(CN = www.mydomain.com),而不是与包含IP的名称。 当我在UNIX shell中输入主机名,我确实是拿到的IP-10-203-65-225',这是一件好事,亚马逊会自动给它。但是,即使我改变它(在/ etc / sysconfig / network中),它仍然被视为IP-10-203-65-225。
I checked with ssltool.com and got: The site tested www.mydomain.com is NOT the same as the Subject CN ip-10-203-65-225! Needless to say, the key file was created with my domain name (CN=www.mydomain.com) and not with the name containing the ip. When I enter "hostname" in the unix shell, I indeed get 'ip-10-203-65-225', which is something that Amazon gave it automatically. But even if I change it (in /etc/sysconfig/network) it is still seen as ip-10-203-65-225.
在另一方面,同样的问题被视为没有安装密钥:即使我删除httpd.conf中这些行,并删除密钥文件,浏览器警告有关证书错误,因为如果有一个自我签名证书并与ssltool.com同样的错误。如此看来,这不是我的密钥文件无效,而是服务器不使用它们...
On the other hand, the same problem is viewed without installing the keys: Even if I remove those lines from httpd.conf, and remove the key files, the browsers warn about a certificate error, as if there is a self-signed certificate and with the same error on ssltool.com. So it seems that it's not that my key files are invalid but rather that the server doesn't use them at all...
我完全糊涂了。请任何人可以帮助?
I'm totally confused. Please can anybody help?
推荐答案
由于种种原因,没有一个网页,我访问了寻求答案提到,上述各行应在
For some reasons, none of the pages I visited to seek for the answer mentioned that the above lines should be in
/etc/httpd/conf.d/ssl.conf
而不是
/etc/httpd/conf/httpd.conf
(而不是内部&LT;虚拟主机&gt;部分)
(and not inside a <virtualHost> section)
这篇关于在AWS EC2我的Apache服务器上无法安装SSL密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
