ssl - httpd does not start after installing a certificate

Tags: ssl apache2 ssl-certificate

I have an SSL certificate and I am running Ubuntu.

The domain.crt and domain.ca-bundle files are in the specified folder, but no matter what I do I keep getting these errors:

[Sat Jul 27 06:35:00 2013] [error] Unable to configure verify locations for client authentication
[Sat Jul 27 06:35:00 2013] [error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
[Sat Jul 27 06:36:55 2013] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/default-ssl:2)

My port.conf is:

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    NameVirtualHost *:443
    Listen 443
</IfModule>

My default-ssl is as follows:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName www.domain.com
        ServerAlias domain.com
        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
                           -----------
                        ---------------
 -------------------- more configs



#   SSL Engine Switch:
        #   Enable/Disable SSL for this virtual host.
        SSLEngine on

        #   A self-signed (snakeoil) certificate can be created by installing
        #   the ssl-cert package. See
        #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
        #   If both key and certificate are stored in the same file, only the
        #   SSLCertificateFile directive is needed.
        #   SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateFile  /etc/ssl/private/domain.crt
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        SSLCertificateChainFile /etc/ssl/private/domain.ca-bundle

Best answer

Solution

I added these to /etc/apache2/apache2.conf:

SSLCertificateFile your.crt
SSLCertificateKeyFile your.key
SSLCertificateChainFile your_bundle.crt

Long version

When I enabled SSL in Apache I read the file /usr/share/doc/apache2.2-common/README.Debian.gz, which has some messages. It says:

6) Message "Server should be SSL-aware but has no certificate configured" in
   error log

Since 2.2.12, Apache is stricter about certain misconfigurations concerning
name based SSL virtual hosts. See NEWS.Debian.gz for more details.

The NEWS file says:

  * The new support for TLS Server Name Indication added in 2.2.12 causes
    Apache to be stricter about certain misconfigurations involving name
    based SSL virtual hosts. This may result in Apache refusing to start
    with the logged error message:

        Server should be SSL-aware but has no certificate configured
        [Hint: SSLCertificateFile]

    Up to 2.2.11, Apache accepted configurations where the necessary SSL
    configuration statements were included in the first (default)
    <Virtualhost *:443> block but not in subsequent <Virtualhost *:443>
    blocks. Starting with 2.2.12, every VirtualHost block used with SSL must
    contain the SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile
    directives (SSLCertificateKeyFile is optional in some cases).

    When you encounter the above problem, the output of the command

        egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)' \
            /etc/apache2/*conf* /etc/apache2/*enabled

    may be useful to determine which VirtualHost sections need to be changed.

And there is more.

Regarding "ssl - httpd does not start after installing a certificate", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/17898135/
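
The check that the NEWS entry suggests doing with egrep, taken one step further: this added example (not part of the original answer or of the Debian documentation) parses configuration text and reports each SSL VirtualHost block that lacks SSLEngine or SSLCertificateFile. The sample configuration, host names and paths are constructed, and treating a block as SSL when it listens on :443 or sets any SSL* directive is an assumption.

```python
import re

# Per the Debian NEWS entry, every SSL VirtualHost needs these directives
# (SSLCertificateKeyFile is optional in some cases, so it is not required here).
REQUIRED = ("sslengine", "sslcertificatefile")

# Constructed sample configuration (hypothetical host names and paths).
SAMPLE = """\
<VirtualHost *:80>
    ServerName www.example.test
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key
</VirtualHost>
<VirtualHost *:443>
    ServerName shop.example.test
    # SSLCertificateFile /etc/ssl/certs/shop.crt
    SSLEngine on
</VirtualHost>
"""

def audit_vhosts(conf_text):
    """Return (address, server_name, start_line, missing) per incomplete SSL vhost."""
    findings, vhost = [], None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives do not count
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost = {"addr": opened.group(1).strip(), "line": line_no,
                     "name": None, "seen": set()}
        elif line.lower().startswith("</virtualhost"):
            if vhost is not None:
                # Assumption: a vhost is SSL if on :443 or it sets any SSL* directive.
                is_ssl = vhost["addr"].endswith(":443") or any(
                    d.startswith("ssl") for d in vhost["seen"])
                missing = [d for d in REQUIRED if d not in vhost["seen"]]
                if is_ssl and missing:
                    findings.append((vhost["addr"], vhost["name"], vhost["line"], missing))
            vhost = None
        elif vhost is not None:
            parts = line.split(None, 1)
            vhost["seen"].add(parts[0].lower())
            if parts[0].lower() == "servername" and len(parts) == 2:
                vhost["name"] = parts[1].strip()
    return findings
```

The function works on the text of one file and does not follow Include directives, so run it over each file under /etc/apache2 that the egrep command in the NEWS entry would search.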
