Apache-2.2
在 ubuntu 12、apache 上安裝 Thawte ssl 123 證書
我最近從 thwate 購買了 ssl123 證書。他們為我提供了以下文件 1:x.509 證書 2:Apache Bundle 3:intermediate CA1
我正在嘗試在我的伺服器上安裝,但這裡沒有成功是我的配置。
虛擬主機文件
<IfModule mod_ssl.c> <VirtualHost IP:443> SSLEngine On SSLCertificateFile /etc/apache2/ssl/x.509.crt SSLCertificateKeyFile /etc/apache2/ssl/my.key SSLCACertificateFile /etc/apache2/ssl/intermediate.crt ServerAdmin xyz@gmail.com ServerName www.xyz.org ServerAlias xyz.org DocumentRoot /var/www/ecommerce/ <Directory /> Options Indexes FollowSymLinks MultiViews AllowOverride None </Directory> <Directory /var/www/ecommerce/> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny allow from all </Directory> </<IfModule> port.conf file NameVirtualHost *:80 Listen 80 <IfModule mod_ssl.c> # If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to <VirtualHost *:443> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>
Apache 錯誤日誌
[Thu Aug 01 11:43:58 2013] [notice] caught SIGTERM, shutting down [Thu Aug 01 11:43:59 2013] [warn] [mod_spdy/0.9.4.1-397] [7305:7305:WARNING:mod_spdy.cc(166)] mod_spdy is insta config. SPDY will not be used by this server. See http://code.google.com/p/mod-spdy/wiki/ConfigOptions for ho [Thu Aug 01 11:43:59 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Aug 01 11:43:59 2013] [warn] RSA server certificate CommonName (CN) `Thawte DV SSL CA' does NOT match serv [Thu Aug 01 11:43:59 2013] [error] Unable to configure RSA server private key [Thu Aug 01 11:43:59 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_c
更新配置
[Thu Aug 01 13:09:03 2013] [error] Init: Multiple RSA server certificates not allowed [Thu Aug 01 13:10:51 2013] [warn] [mod_spdy/0.9.4.1-397] [13606:13606:WARNING:mod_spdy.cc(166)] mod_spdy is installed, but has not been enabled in the Apache config. SPDY will not be used by this server. See http://code.google.com/p/mod-spdy/wiki/ConfigOptions for how to enable.
虛擬主機文件
IfModule mod_ssl.c> <VirtualHost IP:443> SSLEngine On SSLCertificateFile /etc/apache2/ssl/x.509.crt SSLCertificateKeyFile /etc/apache2/ssl/my.key SSLCACertificateFile /etc/apache2/ssl/rootcertificate.crt ServerAdmin xyz@gmail.com ServerName www.xyz.org ServerAlias xyz.org DocumentRoot /var/www/ecommerce/ <Directory /> Options Indexes FollowSymLinks MultiViews AllowOverride None </Directory> <Directory /var/www/ecommerce/> Options Indexes FollowSymLinks MultiViews AllowOverride all Order allow,deny allow from all </Directory> </<IfModule>
您的證書/私鑰或根 CA 證書不匹配。
您正在為參數 SSLCACertificateFile 使用中間證書。請切換到與您的證書類型匹配的正確根 CA 證書(例如“Thawte Premium Server CA”。連結:Thawte 根 CA 下載
順便說一句:您的 apache 日誌似乎在右側被截斷。