我已经生成了让加密(阶段模式)证书并将其安装在我的网络服务器中,我在检查每个证书的指纹时遇到问题,我发现它与浏览器显示的不同,更糟糕的是,浏览器只显示所有域的一个证书。对于这两个域,我看到的是:
钥匙尺寸正确,但指纹不同,为什么?
我的httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Listen 443 https
SSLStrictSNIVHostCheck on
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName 15.188.158.148:80
#ServerName highschoolhelper.org
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %v %V %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
IncludeOptional conf.d/domains/*.conf
每个虚拟主机配置都有一个与此类似的配置:
<VirtualHost *:80>
ServerName apple.highschoolhelper.org
ServerAlias apple.highschoolhelper.org www.apple.highschoolhelper.org
DocumentRoot /var/www/html/apple.highschoolhelper.org/public_html
ServerAdmin [email protected]
DirectoryIndex index.html index.php
LogLevel warn
<Directory /var/www/html/apple.highschoolhelper.org/public_html>
IndexIgnoreReset ON
IndexIgnore .well-known
Options +Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/apple.highschoolhelper.org-error.log
CustomLog /var/log/httpd/apple.highschoolhelper.org-access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName apple.highschoolhelper.org
ServerAlias apple.highschoolhelper.org www.apple.highschoolhelper.org
DocumentRoot /var/www/html/apple.highschoolhelper.org/public_html
ServerAdmin [email protected]
DirectoryIndex index.html index.php
LogLevel warn
<Directory /var/www/html/apple.highschoolhelper.org/public_html>
IndexIgnoreReset ON
IndexIgnore .well-known
Options +Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/apple.highschoolhelper.org-error.log
CustomLog /var/log/httpd/apple.highschoolhelper.org-access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/apple.highschoolhelper.org/apple.highschoolhelper.org_fullchain.crt
SSLCertificateKeyFile /etc/letsencrypt/live/apple.highschoolhelper.org/apple.highschoolhelper.org_pkey.pem
</VirtualHost>
主域证书:
-----BEGIN CERTIFICATE-----
MIIGPzCCBSegAwIBAgITAPrxRtrC7JMtDhGS3WITo5TdmTANBgkqhkiG9w0BAQsF
ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0yMDA1MTky
MDA1MDZaFw0yMDA4MTcyMDA1MDZaMB8xHTAbBgNVBAMTFGhpZ2hzY2hvb2xoZWxw
ZXIub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAmMg9z4hIP1do
sL3qQ1pqpl9JpNpqYE4NeI0/8HEDvC7Io08S3y9HzR+WxDzXWJl+Xv7z2DSHVd1i
3dKtT5I3kRe9T3gWFfN7yUtVYaXDZOMpCPnyIS8EXEj6n1ZzHBSe/xjqpu26ccoc
39fN3SdYYwqzwL7Ev1+DOLf24Y9iUFIvEPeN0im//mHOE5jB3BqaBcI7yyr/32jv
tYnM01jUXza7XKqarqESJR4mb6p9RmW8o8wPeorzoozrRietHAwtHCOSxGoDu2gc
A5KZm8W004N91LQrH3zwxoUakLD8I9MK3W+2LG8/fo5mA8ep8WXbx+Im8lTfqqlN
ifM+QJQLovZ+qI8w1qixDh9adX6qUswvm9WBfMSrYzhKbQYQNmEWSe9zjPSXyMBx
nVngnXdi4vewsxdfuCHWic0ZqZ/LNVD44fDU1771BNDWkTlToFO7K8EwGcoLpvoQ
B5G1sk4BnnWsAGEj/AgwJZASHCf/xiPVPtJJq4K2/3dKSMypbCqjV2avq66XsJjQ
I7p254ZEzwuf9XHdKoXidxxtQkj2JhLhLcfZwC87nWibAFg+Eej2Yzauhqli9JT4
WKUxepTUkuitSZBPxxvL9lES/iFO3O2UpJnPFlBwDPeRRNNk4hW2COSDrCeOK2Mr
o5f4H+wAUjp9aBpCqDON20g5JUkjXDkCAwEAAaOCAm8wggJrMA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw
ADAdBgNVHQ4EFgQUIrTLihg9aowEbnynDXIGnAjdf9gwHwYDVR0jBBgwFoAUwMwD
RrlYIMxccnDz4S7LIKb1aDowdwYIKwYBBQUHAQEEazBpMDIGCCsGAQUFBzABhiZo
dHRwOi8vb2NzcC5zdGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggrBgEFBQcw
AoYnaHR0cDovL2NlcnQuc3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcvMB8GA1Ud
EQQYMBaCFGhpZ2hzY2hvb2xoZWxwZXIub3JnMEwGA1UdIARFMEMwCAYGZ4EMAQIB
MDcGCysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu
Y3J5cHQub3JnMIIBAgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAxj8iGMN9VqaqBrWW
2o5T1NcVbR6brI5E0iAt5k1p2dwAAAFyLsEaJQAABAMARjBEAiBpP5ZJ+Xvv8ue2
cC25iWtsx5emTQdPzQqVyQGbpORT1AIgO5sXtftd3fo0tf4QaJgYht8QK9CaYFvE
g+Mdqy73qiIAdQAW6GnB0ZXq18P4lxrj8HYB94zhtp0xqFIYtoN/MagVCAAAAXIu
wRwOAAAEAwBGMEQCIAE9gQM4lMdxIuTWHJgQ88LXtnY/FFY3tG/t5+fIkWDdAiAk
4Oc2A0Ap5noO/DHh2b9c9LMGQLJLKa3s5V0YsIgkLDANBgkqhkiG9w0BAQsFAAOC
AQEARCQpteMb+z33OLthsj4C5EReV9uf9AkSOjNh7kNjpOk8KfiYTSqJPGm70UtC
peJP/cu25YMIU1RGIpoM77dPCciEH6d/jRxac6WcUeREuIrhu8UtoNMUdUv6XZqV
Pe9RGG/QaMAN1NFdMdG9QLvYAUv+BtU4AcknHeG3swu6ADFuIcprhNNhCLzzMdTr
TlVvYjRX0OURVZXoS7Ikgz403HVH0zwbAxMr0C5trp5kFjAYzo6jYqloLELVJVA+
G0aPcwkJiTGNK7eyNAmX9qglC+rejgAqm2xTVXMDRG4CDFpeBKNq0d3MDMW5magA
n319hW664vpJA/EFmS+ydP4fRA==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw
GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2
MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0
8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym
oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0
ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN
xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56
dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9
AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw
HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0
BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu
b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu
Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq
hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF
UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9
AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp
DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7
IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf
zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI
PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w
SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em
2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0
WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt
n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=
-----END CERTIFICATE-----
域名apple.highschoolhelper.org证书:
-----BEGIN CERTIFICATE-----
MIIGbjCCBVagAwIBAgITAPpvUR1otz/jWG6vt8AJyofqHjANBgkqhkiG9w0BAQsF
ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0yMDA1MTky
MzExMDVaFw0yMDA4MTcyMzExMDVaMCUxIzAhBgNVBAMTGmFwcGxlLmhpZ2hzY2hv
b2xoZWxwZXIub3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuXLg
clxj5xGYpNTL5a9ALvR6TYQ53qPX484S9ge4R77yTtgXvQ+AETQVVbm6GINL0gn1
LcvSCZyG6miwab7mpJ92n+CWOw4jjxJYeO7FbtgzyBG2Nf/HFAjOcrGIH1wUcMd0
WITlN3Sd18fKuIp0qdr4KZDMp+ZL9m3DXg0MpTW/DOF2Y2O1djREBj9y7CQ0AtRx
1uFnDVvW0+QjXXS5h5xn6EMzs0SC56+tR24AOqpPUKgqPXsqmayH1Bg5reOb2IkQ
UoTjtFeJ/I8teJvlY56YQsdUdy+EIxdBhVP6QMdzMkHhmonyMK5s9peZxmgbedSU
miTumgtvMhIYRua+1K2fNOXHkX9RUURqHtG61X5cC/naX3zjtN0/RtFjyN9vWn3o
IX5lsrPztrVIzvffMrgABPZKi2mOZlbfKiGEtfvpXDaVi1rXtGiF6wwcuH1WnLkf
spA6MQRQsyjF1OqTtgCRmw1O3MewsY5sNr8UVEm+VOVjpRLlQGQETBzIKD1EG8Mv
jk9Vh+cky4g+8MpLU0rug4PnRf8q8PHb+OJY7z7JwrTB1FpoMowDEXRet6WXt8xo
K0kNP6kjm/5LWTa51w+NQxralHCZM/zIOwQSfQrEbwp81ynCbtVQ2vBUfoFE4g/q
4VnD0Vpf64lz5e2fz0oyXfJCvCfjp8+S6RFeLEECAwEAAaOCApgwggKUMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUHfyOwwQAbuPSvQXuqw8veEDKNUwwHwYDVR0jBBgw
FoAUwMwDRrlYIMxccnDz4S7LIKb1aDowdwYIKwYBBQUHAQEEazBpMDIGCCsGAQUF
BzABhiZodHRwOi8vb2NzcC5zdGctaW50LXgxLmxldHNlbmNyeXB0Lm9yZzAzBggr
BgEFBQcwAoYnaHR0cDovL2NlcnQuc3RnLWludC14MS5sZXRzZW5jcnlwdC5vcmcv
MEUGA1UdEQQ+MDyCGmFwcGxlLmhpZ2hzY2hvb2xoZWxwZXIub3Jngh53d3cuYXBw
bGUuaGlnaHNjaG9vbGhlbHBlci5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYL
KwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlw
dC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDGPyIYw31WpqoGtZbajlPU
1xVtHpusjkTSIC3mTWnZ3AAAAXIva2MBAAAEAwBIMEYCIQC3Ltiqm33XnHx5o61n
1Xk4QQ+5tw+FdPmbjavwN3kH6AIhAJOFzpcpBE5DVpzgZV6nGoOkLmNUq4MP5JZj
vciD/Hs9AHYAsMyD5aX5fWuvfAnMKEkEhyrH6IsTLGNQt8b9JuFsbHcAAAFyL2tk
7wAABAMARzBFAiAp/2OTOdE5cpkjxllo3JPIl4wvavE4HTD6v3Nb1ypIuwIhAPzi
p9KkgpLXJu49gEIWAin1oLW9dx6+3yfBq7tbgGVnMA0GCSqGSIb3DQEBCwUAA4IB
AQAEbgpLWNqapM5aa+/aKhtBZWlI14IqWBB+TX08mFc6XpLsFTDr2pcd9xC1GABA
NVy710WIzOSRWinRWKtuKtmQwv/+L9tkBXq0+OLdbkKWwYVqHtoiGMA+oHMBwvlj
w5reYdAOeHWuP5R0rISoWEgZv/O0OvFZAE0uWjKiOtYVO6TefPvpKjQX7TlMYQM5
TpDiSJJNZJ+8E4/UBczdAiqAvwoEf1W7dtwwIg6E7UFxa2xfsUrD3EDCPhSxTCKL
QFZ+/vVuvEjZOa3ronGGDV9DWPHNacsv1Hb8f/+xxKXGV3eVEhZDjBcPNt0f4c8p
hu8IGAGFrHWlmwYjkxRLlwgV
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEqzCCApOgAwIBAgIRAIvhKg5ZRO08VGQx8JdhT+UwDQYJKoZIhvcNAQELBQAw
GjEYMBYGA1UEAwwPRmFrZSBMRSBSb290IFgxMB4XDTE2MDUyMzIyMDc1OVoXDTM2
MDUyMzIyMDc1OVowIjEgMB4GA1UEAwwXRmFrZSBMRSBJbnRlcm1lZGlhdGUgWDEw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtWKySDn7rWZc5ggjz3ZB0
8jO4xti3uzINfD5sQ7Lj7hzetUT+wQob+iXSZkhnvx+IvdbXF5/yt8aWPpUKnPym
oLxsYiI5gQBLxNDzIec0OIaflWqAr29m7J8+NNtApEN8nZFnf3bhehZW7AxmS1m0
ZnSsdHw0Fw+bgixPg2MQ9k9oefFeqa+7Kqdlz5bbrUYV2volxhDFtnI4Mh8BiWCN
xDH1Hizq+GKCcHsinDZWurCqder/afJBnQs+SBSL6MVApHt+d35zjBD92fO2Je56
dhMfzCgOKXeJ340WhW3TjD1zqLZXeaCyUNRnfOmWZV8nEhtHOFbUCU7r/KkjMZO9
AgMBAAGjgeMwgeAwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAw
HQYDVR0OBBYEFMDMA0a5WCDMXHJw8+EuyyCm9Wg6MHoGCCsGAQUFBwEBBG4wbDA0
BggrBgEFBQcwAYYoaHR0cDovL29jc3Auc3RnLXJvb3QteDEubGV0c2VuY3J5cHQu
b3JnLzA0BggrBgEFBQcwAoYoaHR0cDovL2NlcnQuc3RnLXJvb3QteDEubGV0c2Vu
Y3J5cHQub3JnLzAfBgNVHSMEGDAWgBTBJnSkikSg5vogKNhcI5pFiBh54DANBgkq
hkiG9w0BAQsFAAOCAgEABYSu4Il+fI0MYU42OTmEj+1HqQ5DvyAeyCA6sGuZdwjF
UGeVOv3NnLyfofuUOjEbY5irFCDtnv+0ckukUZN9lz4Q2YjWGUpW4TTu3ieTsaC9
AFvCSgNHJyWSVtWvB5XDxsqawl1KzHzzwr132bF2rtGtazSqVqK9E07sGHMCf+zp
DQVDVVGtqZPHwX3KqUtefE621b8RI6VCl4oD30Olf8pjuzG4JKBFRFclzLRjo/h7
IkkfjZ8wDa7faOjVXx6n+eUQ29cIMCzr8/rNWHS9pYGGQKJiY2xmVC9h12H99Xyf
zWE9vb5zKP3MVG6neX1hSdo7PEAb9fqRhHkqVsqUvJlIRmvXvVKTwNCP3eCjRCCI
PTAvjV+4ni786iXwwFYNz8l3PmPLCyQXWGohnJ8iBm+5nk7O2ynaPVW0U2W+pt2w
SVuvdDM5zGv2f9ltNWUiYZHJ1mmO97jSY/6YfdOUH66iRtQtDkHBRdkNBsMbD+Em
2TgBldtHNSJBfB3pm9FblgOcJ0FSWcUDWJ7vO0+NTXlgrRofRT6pVywzxVo6dND0
WzYlTWeUVsO40xJqhgUQRER9YLOLxJ0O6C8i0xFxAMKOtSdodMB3RIwt7RFQ0uyt
n5Z5MqkYhlMI3J1tPRTp1nEt9fyGspBOO05gi148Qasp+3N+svqKomoQglNoAxU=
-----END CERTIFICATE-----
答案1
我现在看到的证书https://highschoolhelper.org是由“cPanel, Inc. Certification Authority”颁发的。这表明您的托管提供商正在使用 cPanel 系统,该系统会覆盖您在 Apache 配置文件中所做的任何配置的某些部分,或者可能是一个以集中方式管理所有客户的 SSL/TLS 支持的设置。
您可能必须使用某种托管控制面板来配置主域的证书,而不是直接修改网络服务器配置。
托管提供商还可能有某种自动化功能,以固定的时间间隔运行并更新某些内容,因此某些更改可能不会在您做出更改后立即在互联网上可见,但只有在自动化完成其工作后才可见。
如果您不确定,请参阅您的托管提供商的文档或联系他们以获取进一步的说明。只有他们才能确切地知道他们的系统是如何设置的。
我当前看到的证书与https://apple.highschoolhelper.org您为其发布的证书匹配,并且指纹也匹配。
根据您的配置,应该在与您之前提到的不匹配的https://apple.highschoolhelper.org文件中找到 的证书- 我猜您做了一些更改?/etc/letsencrypt/live/apple.highschoolhelper.org/apple.highschoolhelper.org_fullchain.crt*.csr
您可以使用以下命令检查服务器上证书文件的指纹:
openssl x509 -in /etc/letsencrypt/live/apple.highschoolhelper.org/apple.highschoolhelper.org_fullchain.crt -noout -fingerprint -sha256
如果与浏览器显示的 SHA-256 指纹匹配,则该证书工作正常。
您发布的主域证书是自签名证书,其主题和颁发者字段均为C=AU, ST=Aust, L=City, O=Default Company Ltd, CN=aws-host.这看起来像是由托管提供商自动化生成的默认证书,该证书只能在虚拟主机和为主域提供 SSL/TLS 的提供商集中式系统之间使用。