我想创建一个自签名证书来加密我的服务器和任何客户端之间的通信:
我在单个命令中使用 OpenSSL 创建自签名密钥和证书对:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
但我在日志中看到这一点:
[Mon Sep 27 13:42:01.478245 2021] [ssl:error] [pid 1344:tid 139789990751552] AH02604: Unable to configure certificate 176.57.122.225:443:0 for stapling
[Mon Sep 27 13:42:01.485956 2021] [ssl:warn] [pid 1345:tid 139789990751552] AH01906: 176.57.122.225:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Sep 27 13:42:01.486039 2021] [ssl:error] [pid 1345:tid 139789990751552] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: CN=176.57.122.225,OU=discoter,O=discoter,L=Brux
elles,ST=Bruxelles,C=BE / issuer: CN=176.57.122.225,OU=discoter,O=discoter,L=Bruxelles,ST=Bruxelles,C=BE / serial: 2AD0C83CF40FCE881CCF862D5D1372957C7C3DF6 / notbefore: Sep 27 13:41:36 2021 GMT / notaft
er: Sep 27 13:41:36 2022 GMT]
[Mon Sep 27 13:42:01.486045 2021] [ssl:error] [pid 1345:tid 139789990751552] AH02604: Unable to configure certificate 176.57.122.225:443:0 for stapling
和
more /etc/apache2/sites-available/default-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName 176.58.122.XXX
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>