Apache-2.2

Cannot use a self-signed SSL certificate

  • December 10, 2010

I get an "Unable to connect" error message when I try to load the https version of the site in Firefox.

There is no error information in the log file, only:

[Thu Dec 09 16:55:24 2010] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Thu Dec 09 16:55:25 2010] [notice] Digest: generating secret for digest authentication ...
[Thu Dec 09 16:55:25 2010] [notice] Digest: done
[Thu Dec 09 16:55:26 2010] [notice] Apache/2.2.16 (FreeBSD) mod_ssl/2.2.16 OpenSSL/0.9.8n DAV/2 PHP/5.3.3 with Suhosin-Patch configured -- resuming normal operations

I followed this guide: http://www.akadia.com/services/ssh_test_certificate.html

My configuration file looks like this:

<Directory "/usr/local/www/apache22/data">
   #
   # Possible values for the Options directive are "None", "All",
   # or any combination of:
   #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
   #
   # Note that "MultiViews" must be named *explicitly* --- "Options All"
   # doesn't give it to you.
   #
   # The Options directive is both complicated and important.  Please see
   # http://httpd.apache.org/docs/2.2/mod/core.html#options
   # for more information.
   #
   Options Indexes FollowSymLinks

   #
   # AllowOverride controls what directives may be placed in .htaccess files.
   # It can be "All", "None", or any combination of the keywords:
   #   Options FileInfo AuthConfig Limit
   #
   AllowOverride All

   #
   # Controls who can get stuff from this server.
   #
   Order allow,deny
   Allow from all
</Directory>

NameVirtualHost *:443
<VirtualHost *:443>
   DocumentRoot "/usr/local/www/apache22/data"

   ServerName "domain.name"

   SSLEngine on
   SSLCertificateFile /some-folder/ssl-key/server.crt
   SSLCertificateKeyFile /some-folder/ssl-key/server.key

   CustomLog "/some-folder/log/httpd-ssl_request.log" \
         "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

NameVirtualHost *:80
<VirtualHost *:80>
   DocumentRoot "/usr/local/www/apache22/data"

   ServerName "domain.name"
</VirtualHost>

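(Edited a bit, but you should be able to see what I did right/wrong…)

By default (as far as I know), Apache does not listen on port 443 (the port used for SSL traffic). So, to be able to connect to your newly configured SSL server, you need to include the following line in your configuration: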

Listen 443

Configuring a virtual host does not automatically make the server listen on the port specified in its configuration.

Source: https://serverfault.com/questions/211236
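
The check the answer describes, as an added example (not part of the original question or answer): a small Python lint that reports ports named in <VirtualHost> blocks that no Listen directive opens. The sample configuration is constructed from the question's, with "Listen 80" assumed from a stock httpd.conf; the function names are hypothetical, and the check compares ports only and does not follow Include files.

```python
import re

# Constructed sample: the question's configuration reduced to the relevant directives.
# 'Listen 80' is an assumption (stock httpd.conf); the question does not show it.
SAMPLE_CONF = """\
Listen 80
NameVirtualHost *:443
<VirtualHost *:443>
   ServerName "domain.name"
   SSLEngine on
</VirtualHost>
NameVirtualHost *:80
<VirtualHost *:80>
   ServerName "domain.name"
</VirtualHost>
"""

PORT_RE = re.compile(r"(?:^|:)(\d+)$")

def port_of(addr):
    """Port in '443', '*:443', '192.0.2.1:443' or '[2001:db8::1]:443', else None."""
    m = PORT_RE.search(addr)
    return int(m.group(1)) if m else None

def unbound_vhost_ports(conf_text):
    """Return sorted ports used by <VirtualHost> that no Listen directive opens."""
    listening, vhost_ports = set(), set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out Listen does not count
            continue
        listen = re.match(r"(?i)listen\s+(\S+)", line)
        vhost = re.match(r"(?i)<virtualhost\s+([^>]+)>", line)
        if listen:
            port = port_of(listen.group(1))
            if port is not None:
                listening.add(port)
        elif vhost:
            for addr in vhost.group(1).split():
                port = port_of(addr)
                if port is not None:           # '*' or a bare IP means "any port"
                    vhost_ports.add(port)
    return sorted(vhost_ports - listening)

if __name__ == "__main__":
    print("VirtualHost ports with no Listen:", unbound_vhost_ports(SAMPLE_CONF))
    print("After adding 'Listen 443':", unbound_vhost_ports(SAMPLE_CONF + "Listen 443\n"))
```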