在 Ubuntu 中为 Apache 创建自签名 SSL 证书

在 Ubuntu 中为 Apache 创建自签名 SSL 证书

我想创建一个自签名证书来加密我的服务器和任何客户端之间的通信:

我在单个命令中使用 OpenSSL 创建自签名密钥和证书对:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

但我在日志中看到这一点:

[Mon Sep 27 13:42:01.478245 2021] [ssl:error] [pid 1344:tid 139789990751552] AH02604: Unable to configure certificate 176.57.122.225:443:0 for stapling
[Mon Sep 27 13:42:01.485956 2021] [ssl:warn] [pid 1345:tid 139789990751552] AH01906: 176.57.122.225:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Sep 27 13:42:01.486039 2021] [ssl:error] [pid 1345:tid 139789990751552] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=176.57.122.225,OU=discoter,O=discoter,L=Brux
elles,ST=Bruxelles,C=BE / issuer: CN=176.57.122.225,OU=discoter,O=discoter,L=Bruxelles,ST=Bruxelles,C=BE / serial: 2AD0C83CF40FCE881CCF862D5D1372957C7C3DF6 / notbefore: Sep 27 13:41:36 2021 GMT / notaft
er: Sep 27 13:41:36 2022 GMT]
[Mon Sep 27 13:42:01.486045 2021] [ssl:error] [pid 1345:tid 139789990751552] AH02604: Unable to configure certificate 176.57.122.225:443:0 for stapling

more /etc/apache2/sites-available/default-ssl.conf:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName 176.58.122.XXX
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile  /etc/ssl/certs/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

    </VirtualHost>
</IfModule>

相关内容