Linux

Do I need to re-sign/regenerate the certificate when moving IPs?

  • June 22, 2014

Are these errors related to moving the site to a new IP while keeping the same SSL cert?

Do I need to regenerate/re-sign to fix this?

[Sun Jun 22 07:13:11.054280 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00292: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Jun 22 07:13:11.054328 2014] [core:notice] [pid 2775:tid 2803123869632] AH00094: Command line: '/usr/local/apache/bin/httpd -D SSL'
[Sun Jun 22 08:11:52.651176 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00297: SIGUSR1 received.  Doing graceful restart
[Sun Jun 22 08:11:53.000801 2014] [ssl:warn] [pid 2775:tid 2803123869632] AH01906: web.nj.sitename.com:443:0 server certificate is a CA certificate (BasicConstraints : CA == TRUE !?)
[Sun Jun 22 08:11:53.000838 2014] [ssl:error] [pid 2775:tid 2803123869632] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
[Sun Jun 22 08:11:53.000844 2014] [ssl:error] [pid 2775:tid 2803123869632] AH02567: Unable to configure certificate web.nj.sitename.com:443:0 for stapling
[Sun Jun 22 08:11:53.001476 2014] [ssl:warn] [pid 2775:tid 2803123869632] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Jun 22 08:11:53.068215 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00292: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Jun 22 08:11:53.068256 2014] [core:notice] [pid 2775:tid 2803123869632] AH00094: Command line: '/usr/local/apache/bin/httpd -D SSL'
[Sun Jun 22 09:10:23.035351 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00297: SIGUSR1 received.  Doing graceful restart
[Sun Jun 22 09:10:24.000899 2014] [ssl:warn] [pid 2775:tid 2803123869632] AH01906: web.nj.sitename.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 22 09:10:24.000935 2014] [ssl:error] [pid 2775:tid 2803123869632] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
[Sun Jun 22 09:10:24.000941 2014] [ssl:error] [pid 2775:tid 2803123869632] AH02567: Unable to configure certificate web.nj.sitename.com:443:0 for stapling
[Sun Jun 22 09:10:24.001574 2014] [ssl:warn] [pid 2775:tid 2803123869632] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Jun 22 09:10:24.157294 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00292: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Jun 22 09:10:24.157326 2014] [core:notice] [pid 2775:tid 2803123869632] AH00094: Command line: '/usr/local/apache/bin/httpd -D SSL'

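No. An SSL certificate is usually tied to the server's common name, i.e. its DNS name.
Changing the IP address of www.example.com does not invalidate the certificate for www.example.com.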

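Your error message, "server certificate is a CA certificate", indicates that you copied the wrong certificate or misconfigured it, and SSLCertificateFile now points to what is actually the SSLCertificateChainFile or SSLCACertificateFile.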

openssl x509 -in file.cert -noout -text

will display the certificate's attributes in plain text, which helps you debug.

Quoted from: https://serverfault.com/questions/607112
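The check the answer describes can be scripted. The following is an added example, not part of the original question or answer: it reads the same `openssl x509 -noout -text` output to tell a CA certificate (the AH01906 case) from a leaf certificate, then confirms the leaf was issued for the DNS name being served. The function names, the script name `certcheck.sh`, and the throwaway-certificate helper are assumptions made for illustration, and `-checkhost` needs OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example: is this PEM file fit for SSLCertificateFile on a given host name?
# Assumes OpenSSL 1.0.2 or later on PATH (for x509 -checkhost).

# cert_role FILE: prints "ca" when BasicConstraints carries CA:TRUE, else "leaf".
# Returns 2 when the file is not a parsable X.509 certificate.
cert_role() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    if printf '%s\n' "$text" | grep -q 'CA:TRUE'; then echo ca; else echo leaf; fi
}

# check_server_cert FILE HOSTNAME
#   0 = leaf certificate matching HOSTNAME (the server's IP plays no part)
#   1 = CA certificate, the AH01906 case   2 = unreadable   3 = name mismatch
check_server_cert() {
    role=$(cert_role "$1") || { echo "$1: not a readable certificate"; return 2; }
    if [ "$role" = ca ]; then
        echo "$1: CA certificate, use it as chain/CA file, not SSLCertificateFile"
        return 1
    fi
    if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; then
        echo "$1: leaf certificate issued for $2"
        return 0
    fi
    echo "$1: leaf certificate, but not issued for $2"
    return 3
}

# make_constructed_cert OUT CN TRUE|FALSE: self-signed throwaway certificate
# (constructed sample data for trying the checks offline; the key is deleted).
make_constructed_cert() {
    cnf=$(mktemp) || return 1
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
        'prompt=no' '[dn]' "CN=$2" '[ext]' "basicConstraints=CA:$3" > "$cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
        -keyout "$cnf.key" -out "$1" 2>/dev/null
    status=$?
    rm -f "$cnf" "$cnf.key"
    return $status
}

# Usage: sh certcheck.sh /path/to/cert.pem www.example.com
if [ $# -eq 2 ]; then check_server_cert "$1" "$2"; fi
```

Run it against the file named in each SSLCertificateFile directive; a result of 1 means the file holds a CA certificate and belongs in the chain or CA directive instead.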