所以我从 GoDaddy 获得了 SSL。
它适用于我的公共(public)网站 mysite.com
。
我现在希望为我的 administrator.mysite.com
建立 SSL 连接
因此,我使用 openssl
创建了一个自签名证书,因为我不介意用锁上的红色标记来管理自己的网站。
里面httpd-ssl.conf
<VirtualHost *:443>
ServerName mysite.com:443
ServerAlias www.mysite.com
DocumentRoot /opt/lampp/htdocs/MySite/
ServerAdmin <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0f6e6b6266614f62767c667b6a216c6062" rel="noreferrer noopener nofollow">[email protected]</a>
ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors.log
TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /opt/lampp/etc/ssl.crt/mysite.com.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/server_nopwd.key
SSLCertificateChainFile /opt/lampp/etc/ssl.crt/gd_bundle.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName administrator.mysite.com:443
DocumentRoot "/opt/lampp/htdocs/"
ServerAdmin <a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1273767f7b7c527f6b617b66773c717d7f" rel="noreferrer noopener nofollow">[email protected]</a>
ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors_admin.log
TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access_admin.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /opt/lampp/etc/ssl.crt/admin.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/admin.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
我收到这个警告:
[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
发生的情况是管理员主机被重定向到常规主机,这非常烦人
最佳答案
我也遇到了同样的问题。奇怪的是,有些人报告说,这对他们来说就像一种魅力,但对其他人则不然。我什至尝试通过 SSLStrictSNIVHostCheck apache 指令使用 SNI,但没有成功。
当使用带有通配符域的ServerAlias指令时,例如。 *.snakeoil.com 然后 VirtualHost 配置的顺序很重要。如果VirtualHost具有通配符域别名:
ServerAlias *.snakeoil.com
是第一个,它将首先被处理并避免其他虚拟主机的解析。尝试反转虚拟主机,以便这一切都是最后一个,例如。
<IfModule mod_ssl.c>
# first vhost
<VirtualHost *:443>
ServerName vhost1.snakeoil.com
[...]
</VirtualHost>
# second vhost
<VirtualHost *:443>
ServerName vhost2.snakeoil.com
[...]
</VirtualHost>
# Attention!
# All other vhost requests end up here
# Order matters, keep this entry to be the last one
# as a last resort if any of the above don't apply
<VirtualHost *:443>
ServerName snakeoil.com
ServerAlias *.snakeoil.com
[...]
</VirtualHost>
</IfModule>
至少为我工作过 apache 2.2.14
关于apache - 在两个虚拟主机上使用 SSL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/17678255/