ssl - RSA server certificate apache2

Tags: ssl docker https apache2

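I'm struggling to configure virtual hosts with an SSL certificate inside a docker container (I don't think this problem is related to docker). When I connect to my site I get no error, just a blank page, but in the error log I have this: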

    [Tue Aug 02 09:57:58.030690 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Aug 02 09:57:58.030862 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

This is the command I typed to create my key and certificate:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out /etc/ssl/certs/mykey.crt -keyout /etc/ssl/private/mykey.key

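I tested creating two certificates, because I need two virtual hosts, but it still doesn't work. Here are my virtual hosts:

    <VirtualHost *:80>
            ServerName mysite.local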

            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html/public

            SetEnv APPLICATION_ENV "devDocker"

        <Directory /var/www/html/public>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        <Location /protected/>
            AuthTokenSecret       "mySuperSecret"
            AuthTokenPrefix       /protected/
            AuthTokenTimeout      120
        </Location>

            ErrorLog ${APACHE_LOG_DIR}/error-scco.log
            CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
    </VirtualHost>

    <VirtualHost *:443>
            ServerName mysite.local

            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html/public

            SetEnv APPLICATION_ENV "devDocker"
        <Directory /var/www/html/public>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
        <Location /protected/>
            AuthTokenSecret       "mySuperSecret"
            AuthTokenPrefix       /protected/
            AuthTokenTimeout      120
        </Location>

            ErrorLog ${APACHE_LOG_DIR}/error-scco.log
            CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
            SSLEngine on
            SSLCertificateFile /etc/ssl/certs/mykey.crt
            SSLCertificateKeyFile /etc/ssl/private/mykey.key
    </VirtualHost>

    <VirtualHost *:80>
            ServerName devadmin.mysite.local

            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html/public

            SetEnv APPLICATION_ENV "devDocker"

        <Directory /var/www/html/public>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        <Location /protected/>
            AuthTokenSecret       "mySuperSecret"
            AuthTokenPrefix       /protected/
            AuthTokenTimeout      120
        </Location>

            ErrorLog ${APACHE_LOG_DIR}/error-scco.log
            CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
    </VirtualHost>

    <VirtualHost *:443>
            ServerName devadmin.mysite.local

            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html/public

            SetEnv APPLICATION_ENV "devDocker"
            SetEnv APPLICATION_WEB_BOOTSTRAP "devadmin"
        <Directory /var/www/html/public>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
        <Location /protected/>
            AuthTokenSecret       "mySuperSecret"
            AuthTokenPrefix       /protected/
            AuthTokenTimeout      120
        </Location>

            ErrorLog ${APACHE_LOG_DIR}/error-scco.log
            CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
            SSLEngine on
            SSLCertificateFile /etc/ssl/certs/mykey.crt
            SSLCertificateKeyFile /etc/ssl/private/mykey.key
    </VirtualHost>

This is the log when I type service apache2 restart:

    [Tue Aug 02 09:57:56.950457 2016] [mpm_prefork:notice] [pid 711] AH00169: caught SIGTERM, shutting down
    [Tue Aug 02 09:57:57.987280 2016] [ssl:warn] [pid 753] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Aug 02 09:57:57.987801 2016] [ssl:warn] [pid 753] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Tue Aug 02 09:57:58.030501 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Aug 02 09:57:58.030933 2016] [ssl:warn] [pid 754] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
    [Tue Aug 02 09:57:58.033677 2016] [mpm_prefork:notice] [pid 754] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.17 OpenSSL/1.0.1f configured -- resuming normal operations
    [Tue Aug 02 09:57:58.033700 2016] [core:notice] [pid 754] AH00094: Command line: '/usr/sbin/apache2'

Thank you in advance.

Best answer

This is just a warning that can be ignored; you get it with self-signed certificates.

Regarding ssl - RSA server certificate apache2, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/38718084/
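AH01906 refers to the BasicConstraints extension of the certificate Apache loaded. As an added example (not part of the original question or answer), the script below builds two self-signed certificates in a temporary directory, one with CA:TRUE and one with CA:FALSE, and reads the flag back from each. The config section names, the output file names and the SAN list covering both virtual hosts are assumptions.

```shell
#!/bin/sh
# Added example: constructed certs in a temp dir; nothing under /etc/ssl is touched.

# make_cert <TRUE|FALSE> <dir>: self-signed cert whose BasicConstraints CA flag is $1.
# An explicit -config keeps the result independent of the system openssl.cnf.
make_cert() {
    ca_flag=$1; dir=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = mysite.local
[ext]
basicConstraints = critical, CA:$ca_flag
subjectAltName = DNS:mysite.local, DNS:devadmin.mysite.local
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -config "$dir/req.cnf" \
        -out "$dir/ca_$ca_flag.crt" -keyout "$dir/ca_$ca_flag.key" 2>/dev/null
}

# ca_flag_of <cert>: prints TRUE, FALSE, or ABSENT for the BasicConstraints CA flag.
ca_flag_of() {
    openssl x509 -in "$1" -noout -text |
        awk '/X509v3 Basic Constraints/ {getline; found=1
                 if ($0 ~ /CA:TRUE/) print "TRUE"; else print "FALSE"}
             END {if (!found) print "ABSENT"}'
}

demo() {
    tmp=$(mktemp -d) || return 1
    # CA:TRUE is the value the AH01906 warning reports.
    make_cert TRUE "$tmp"  && echo "CA:TRUE cert  -> $(ca_flag_of "$tmp/ca_TRUE.crt")"
    # CA:FALSE marks the certificate as an end-entity (server) certificate.
    make_cert FALSE "$tmp" && echo "CA:FALSE cert -> $(ca_flag_of "$tmp/ca_FALSE.crt")"
    rm -rf "$tmp"
}
demo
```

Running `ca_flag_of /etc/ssl/certs/mykey.crt` inside the container shows which value the certificate from the question carries.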
