Apache web server does not start when I set it up for SSL with a custom certificate

I have set up an Apache web server on a RHEL 7 instance.

yum install mod_ssl openssl
openssl genrsa -out ca.key 2048 
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

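In the httpd.conf and ssl.conf files, I changed the virtual host pointing to 443 to use the following:

SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

httpd restarted without errors.

When I replace them with the custom certificates, I get the following error: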

httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2020-03-08 19:36:43 UTC; 12s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 6763 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 6761 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 6761 (code=exited, status=1/FAILURE)

Mar 08 19:36:43 hostname systemd[1]: Starting The Apache HTTP Server...
Mar 08 19:36:43 hostname httpd[6761]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
Mar 08 19:36:43 hostname systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 08 19:36:43 hostname kill[6763]: kill: cannot find process ""
Mar 08 19:36:43 hostname systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 08 19:36:43 hostname systemd[1]: Failed to start The Apache HTTP Server.
Mar 08 19:36:43 hostname systemd[1]: Unit httpd.service entered failed state.
Mar 08 19:36:43 hostname systemd[1]: httpd.service failed.
===============================================
=================================
-- Unit httpd.service has begun starting up.
Mar 08 19:19:39 hostname polkitd[616]: Registered Authentication Agent for unix-process:6681:1188860 (system bus name :1.51 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 08 19:19:39 hostname systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Mar 08 19:19:39 hostname httpd[6687]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=AVC msg=audit(1583695179.383:732): avc:  denied  { read } for  pid=6687 comm="httpd" name="hostname.cer" dev="nvme0n1p2" ino=539462 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SYSCALL msg=audit(1583695179.383:732): arch=c000003e syscall=2 success=no exit=-13 a0=7ffd30429940 a1=80000 a2=0 a3=7ffd30428b60 items=0 ppid=1 pid=6687 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=PROCTITLE msg=audit(1583695179.383:732): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
Mar 08 19:19:39 hostname systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 08 19:19:39 hostname kill[6689]: kill: cannot find process ""
Mar 08 19:19:39 hostname systemd[1]: httpd.service: control process exited, code=exited status=1
Mar 08 19:19:39 hostname systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Mar 08 19:19:39 hostname systemd[1]: Unit httpd.service entered failed state.
Mar 08 19:19:39 hostname systemd[1]: httpd.service failed.
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=SERVICE_START msg=audit(1583695179.413:733): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=httpd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Mar 08 19:19:39 hostname polkitd[616]: Unregistered Authentication Agent for unix-process:6681:1188860 (system bus name :1.51, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Mar 08 19:31:55 hostname adclient[1767]: INFO  AUDIT_TRAIL|Centrify Suite|Trusted Path|1.0|2700|Trusted path granted|5|[email protected] pid=1767 utc=1583695915114 centrifyEventID=23700 DASessID=N/A DAInst=N/A status=GRANTED server=ldap/[email protected]
lines 1869-1900/1900 (END)

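Due to the proprietary nature of the certificates, I cannot share the certificate details. Please let me know what else to look for. Thanks, Nate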

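Answer 1

I had to change the ownership of the certificate files to ec2-user:root to let the process access the certificate files. That solved the issue. Thanks a lot, roaima.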
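Added example, not part of the original question or answer: the journal output in the question contains an SELinux AVC denial for httpd, and this Python sketch pulls the denied permission, file name and source/target types out of such records and decodes the hex PROCTITLE record that shares the same audit serial. The function names and the `USER_CONTENT_TYPES` set are assumptions made for this example; the sample lines are copied from the question's log.

```python
import re

# Sample input: three lines taken from the journal output in the question.
SAMPLE = '''\
Mar 08 19:19:39 hostname httpd[6687]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:13
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=AVC msg=audit(1583695179.383:732): avc:  denied  { read } for  pid=6687 comm="httpd" name="hostname.cer" dev="nvme0n1p2" ino=539462 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
Mar 08 19:19:39 hostname audispd[583]: node=hostname type=PROCTITLE msg=audit(1583695179.383:732): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
'''

AVC_RE = re.compile(r'type=AVC msg=audit\([\d.]+:(\d+)\): avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
TITLE_RE = re.compile(r'type=PROCTITLE msg=audit\([\d.]+:(\d+)\): proctitle=([0-9A-Fa-f]+)\s*$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption for this example: types that label user content rather than system files.
USER_CONTENT_TYPES = {"user_home_t", "admin_home_t", "user_tmp_t"}

def selinux_type(context):
    """Return the type field of a user:role:type:level security context."""
    return context.split(":", 3)[2]

def parse_avc_denials(text):
    """Extract one dict per 'avc: denied' record; other log lines are skipped."""
    denials = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
        denials.append({
            "serial": int(m.group(1)), "perms": m.group(2).split(),
            "comm": fields.get("comm"), "name": fields.get("name"),
            "source_type": selinux_type(fields["scontext"]),
            "target_type": selinux_type(fields["tcontext"]),
            "enforcing": fields.get("permissive") == "0",
        })
    return denials

def decode_proctitles(text):
    """Map audit serial -> command line from hex-encoded, NUL-separated PROCTITLE."""
    titles = {}
    for line in text.splitlines():
        m = TITLE_RE.search(line)
        if m and len(m.group(2)) % 2 == 0:
            argv = bytes.fromhex(m.group(2)).split(b"\x00")
            titles[int(m.group(1))] = " ".join(a.decode("utf-8", "replace") for a in argv)
    return titles

def summarize(text):
    """Join each denial with its command line and flag user-content labels."""
    titles = decode_proctitles(text)
    return [dict(d, cmdline=titles.get(d["serial"]),
                 home_label=d["target_type"] in USER_CONTENT_TYPES)
            for d in parse_avc_denials(text)]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
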
