Apache-2.2

Installing a Thawte SSL123 certificate on Ubuntu 12, Apache

  • August 1, 2013

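I recently purchased an SSL123 certificate from Thawte. They provided me with the following files: 1: x.509 certificate 2: Apache Bundle 3: intermediate CA1

I am trying to install it on my server, but without success. Here is my configuration.

Virtual host file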

    <IfModule mod_ssl.c>
    <VirtualHost IP:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/x.509.crt
        SSLCertificateKeyFile /etc/apache2/ssl/my.key
        SSLCACertificateFile /etc/apache2/ssl/intermediate.crt
        ServerAdmin xyz@gmail.com
        ServerName  www.xyz.org
        ServerAlias xyz.org
        DocumentRoot /var/www/ecommerce/
        <Directory />
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
        </Directory>
        <Directory /var/www/ecommerce/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride all
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
    </IfModule>

port.conf file

    NameVirtualHost *:80
    Listen 80

    <IfModule mod_ssl.c>
        # If you add NameVirtualHost *:443 here, you will also have to change
        # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
        # to <VirtualHost *:443>
        # Server Name Indication for SSL named virtual hosts is currently not
        # supported by MSIE on Windows XP.
        Listen 443
    </IfModule>

    <IfModule mod_gnutls.c>
        Listen 443
   </IfModule>

Apache error log

[Thu Aug 01 11:43:58 2013] [notice] caught SIGTERM, shutting down
[Thu Aug 01 11:43:59 2013] [warn] [mod_spdy/0.9.4.1-397] [7305:7305:WARNING:mod_spdy.cc(166)] mod_spdy is insta                        config. SPDY will not be used by this server.  See http://code.google.com/p/mod-spdy/wiki/ConfigOptions for ho
[Thu Aug 01 11:43:59 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 01 11:43:59 2013] [warn] RSA server certificate CommonName (CN) `Thawte DV SSL CA' does NOT match serv
[Thu Aug 01 11:43:59 2013] [error] Unable to configure RSA server private key
[Thu Aug 01 11:43:59 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_c

Updated configuration

[Thu Aug 01 13:09:03 2013] [error] Init: Multiple RSA server certificates not allowed
[Thu Aug 01 13:10:51 2013] [warn] [mod_spdy/0.9.4.1-397] [13606:13606:WARNING:mod_spdy.cc(166)] mod_spdy is installed, but has not been enabled in the Apache config. SPDY will not be used by this server.  See http://code.google.com/p/mod-spdy/wiki/ConfigOptions for how to enable.

Virtual host file

    <IfModule mod_ssl.c>
    <VirtualHost IP:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/x.509.crt
        SSLCertificateKeyFile /etc/apache2/ssl/my.key
        SSLCACertificateFile /etc/apache2/ssl/rootcertificate.crt
        ServerAdmin xyz@gmail.com
        ServerName  www.xyz.org
        ServerAlias xyz.org
        DocumentRoot /var/www/ecommerce/
        <Directory />
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
        </Directory>
        <Directory /var/www/ecommerce/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride all
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>
    </IfModule>

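Your certificate / private key or root CA certificate do not match.

You are using the intermediate certificate for the SSLCACertificateFile parameter. Please switch to the correct root CA certificate that matches your certificate type (e.g. "Thawte Premium Server CA"). Link: Thawte root CA download

By the way: your Apache log appears to be truncated on the right.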
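
The warnings in the question's error log (the server certificate is a CA certificate, and the private key cannot be configured) can be checked against the files before Apache is restarted. The script below is an added example, not part of the original question or answer; the function names are made up for illustration, and it assumes the `openssl` command-line tool is installed.

```bash
#!/usr/bin/env bash
# Added example: sanity checks for the files given to SSLCertificateFile and
# SSLCertificateKeyFile. Function names are illustrative; requires openssl.

# True if the certificate carries BasicConstraints CA:TRUE, i.e. it is an
# intermediate or root certificate rather than the site's own certificate.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# True if the public key inside certificate $1 is the one derived from
# private key $2. Returns 2 if either file cannot be parsed.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Run both checks and print what was found; non-zero exit on any failure.
check_server_cert() {
    local rc=0
    openssl x509 -in "$1" -noout -subject -issuer
    if cert_is_ca "$1"; then
        echo "FAIL: $1 is a CA certificate (CA:TRUE), not a server certificate"
        rc=1
    fi
    if ! cert_matches_key "$1" "$2"; then
        echo "FAIL: $1 does not belong to private key $2"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 is a non-CA certificate matching $2"
    return "$rc"
}

# Usage (script saved under any name): bash script.sh cert.crt private.key
if [ "$#" -eq 2 ]; then
    check_server_cert "$1" "$2"
fi
```

The printed subject line also shows whether the CommonName is the site's hostname or the name of a CA.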

Quoted from: https://serverfault.com/questions/527847