apache - 使用虚拟主机在 Apache 中配置 Ssl

Question

我正在尝试为 Ssl 连接配置 apache，但是当我尝试使用 https 访问该网站时是不可能的。

这是我网站的虚拟主机:

<VirtualHost *:443>
DocumentRoot "C:\xampp\htdocs\www.example.com"
ServerName www.example.com
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
</VirtualHost>

<VirtualHost *:443>
DocumentRoot "C:\xampp\htdocs\www.example.com"
ServerName example.com
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
</VirtualHost>

我在 c:\xampp\apache\conf\httpd.conf 中这一行之前省略了# LoadModule rewrite_module modules/mod_rewrite.so

我在 c:\xampp\apache\conf\extra\httpd-xampp.con 中添加了这一行

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Redirect /xampp folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} xampp
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /phpMyAdmin folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} phpmyadmin
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /security folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} security
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

    # Redirect /webalizer folder to https
    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} webalizer
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</IfModule>

我在以下文件的每个目录中添加了一个 SSLRequireSSL 指令:

Config File: c:\xampp\apache\conf\extra\httpd-xampp.conf
c:\xampp\phpmyadmin
c:\xampp\htdocs\xampp
c:\xampp\webalizer
c:\xampp\security\htdocs
Config File: c:\xampp\webdav
c:\xampp\webdav

当我重新启动 apache 时的错误日志:

[Fri Jun 23 10:00:24.739140 2017] [ssl:warn] [pid 5012:tid 268] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
[Fri Jun 23 10:00:24.742070 2017] [ssl:warn] [pid 5012:tid 268] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Jun 23 10:00:24.947148 2017] [ssl:warn] [pid 5012:tid 268] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
[Fri Jun 23 10:00:24.948125 2017] [ssl:warn] [pid 5012:tid 268] AH01909: RSA certificate configured for localhost:443 does NOT include an ID which matches the server name
[Fri Jun 23 10:00:24.949101 2017] [ssl:warn] [pid 5012:tid 268] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Fri Jun 23 10:00:25.077031 2017] [mpm_winnt:notice] [pid 5012:tid 268] AH00354: Child: Starting 150 worker threads.

谁能告诉我我做错了什么或遗漏了什么？

Answer 1

能否请您更改 ServerName 指令以匹配 apache 日志建议的证书通用名称？ 要验证您在证书中使用的通用名称是否与服务器名称匹配，请运行

openssl x509 -in server.crt -noout -subject

如果这不起作用，请使用完全限定的域名，例如 mydomain.dev。要使其正常工作，请在主机文件中添加域以使用环回 IP 127.0.0.1 进行解析 - 这类似于我的文章 https://www.bizmate.biz/articles-mainmenu-2/18-little-it-tricks/48-ssl-virtualhost-apache2-xampp 中的步骤 1

这是更改主机文件的方法。 https://support.rackspace.com/how-to/modify-your-hosts-file/

另外，为了确定 SSL 是否配置正确，请您关注它并暂时禁用 mod_rewrite。事实上，如果它不起作用，请严格按照我文章中的步骤进行操作，并还原您到目前为止所做的任何更改/从头开始。然后，一旦您的浏览器和 apache 对证书和 SSL 加密感到满意，您就可以让 mod_rewrite 稍后工作。