Apache-2.2
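Domain and subdomain virtual hosts with different SSL certificates
I have a domain, www.example.com, and I need this domain to be reachable over both https and http.
I have a certificate (GeoTrust) that protects www.example.com and example.com. I also need to protect app.example.com.
app.example.com is something that is only reachable over https, but it does not need a proper certificate: a self-signed certificate is enough. I have tried many different configurations (even using the same certificate for the main domain and the subdomain), but nothing worked!
The configuration below is the last one I tried, but the result is that if I connect to app.example.com, it tells me the connection is untrusted and then, once accepted, it redirects me to www.example.com! Any help? Thank you.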
<VirtualHost *:80>
    DocumentRoot "/var/websiteexample/public/www"
    ServerName www.example.com
    ServerAlias example.com
    <Directory "/var/websiteexample/public/www">
        allow from all
        Options +Indexes
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/var/websiteexample/public/www"
    ServerName www.example.com
    ServerAlias example.com
    SSLEngine on
    SSLCertificateFile /root/www.example.com.crt
    SSLCertificateKeyFile /root/www.example.com.key
    <Directory "/var/websiteexample/public/www">
        allow from all
        Options +Indexes
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/path/to/another/app"
    ServerName app.example.com
    SSLEngine on
    SSLCertificateFile /root/app.example.com.pem
    <Directory "/path/to/another/app">
        allow from all
        Options +Indexes
    </Directory>
</VirtualHost>
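- Add SSLEngine on to the server config
- Add SSLStrictSNIVHostCheck on to the server config - SNI for multiple certificates, excluding clients that do not support SNI
- Add SSLCertificateKeyFile /root/app.example.com.key - you need a private key for both virtual hosts

This is the new configuration: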
SSLEngine on
SSLStrictSNIVHostCheck on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:-MEDIUM

<VirtualHost *:80>
    DocumentRoot "/var/websiteexample/public/www"
    ServerName www.example.com
    ServerAlias example.com
    <Directory "/var/websiteexample/public/www">
        allow from all
        Options +Indexes
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/var/websiteexample/public/www"
    ServerName www.example.com
    ServerAlias example.com
    #You might also need: SSLCertificateChainFile
    SSLCertificateFile /root/www.example.com.crt
    SSLCertificateKeyFile /root/www.example.com.key
    <Directory "/var/websiteexample/public/www">
        allow from all
        Options +Indexes
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/path/to/another/app"
    ServerName app.example.com
    SSLCertificateFile /root/app.example.com.pem
    SSLCertificateKeyFile /root/app.example.com.key
    <Directory "/path/to/another/app">
        allow from all
        Options +Indexes
    </Directory>
</VirtualHost>
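
The three points in the answer above can be checked mechanically before reloading Apache. The script below is an added example, not part of the original question or answer: it audits every `*:443` virtual host for `SSLEngine`, `SSLCertificateFile`, `SSLCertificateKeyFile` and `SSLStrictSNIVHostCheck`. The function names and the rule that directives outside any `<VirtualHost>` are inherited are assumptions of this sketch, and a host whose key is stored inside its certificate file will still be reported as having no key file.

```python
import re

# Constructed sample: the two HTTPS virtual hosts from the question's configuration.
QUESTION_CONF = """
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile /root/www.example.com.crt
    SSLCertificateKeyFile /root/www.example.com.key
</VirtualHost>
<VirtualHost *:443>
    ServerName app.example.com
    SSLEngine on
    SSLCertificateFile /root/app.example.com.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(text):
    """Map lower-cased directive name to its arguments, skipping comments and section tags."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split(None, 1)
            found[name.lower()] = args[0] if args else ""
    return found

def audit_ssl_vhosts(conf):
    """Return {ServerName: [findings]} for every virtual host bound to port 443."""
    # Directives outside any <VirtualHost> are treated as inherited defaults (assumption).
    inherited = directives(VHOST_RE.sub("", conf))
    report = {}
    for addr, body in VHOST_RE.findall(conf):
        if not addr.strip().endswith(":443"):
            continue
        d = {**inherited, **directives(body)}
        findings = []
        if d.get("sslengine", "").lower() != "on":
            findings.append("SSLEngine is not on")
        for key, label in (("sslcertificatefile", "SSLCertificateFile"),
                           ("sslcertificatekeyfile", "SSLCertificateKeyFile")):
            if key not in d:
                findings.append("no " + label)
        if d.get("sslstrictsnivhostcheck", "").lower() != "on":
            findings.append("SSLStrictSNIVHostCheck is not on")
        report[d.get("servername", "(no ServerName)")] = findings
    return report
```

Calling `audit_ssl_vhosts(QUESTION_CONF)` reports the missing key file for app.example.com and the absent strict SNI check on both hosts; the answer's configuration produces no findings.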