Debian Apache2 SSL 问题 - 错误代码:ssl_error_rx_record_too_long

tag-icon tag-icon apache-2.2 debian ssl
Debian Apache2 SSL 问题 - 错误代码:ssl_error_rx_record_too_long

我正在 Debian lenny 上设置 apache,但遇到了 SSL 问题。我看过无数教程,而且在 Ubuntu 服务器上也能使用,但 Debian 上我却无能为力。端口 80 (http) 工作正常,但端口 443 (https) 出现以下错误(在 Firefox 中)- homeserver 是我的主机名,我的 dhcp 分配的 ip 是 192.168.1.109。我觉得问题出在我的配置上,而不是证书/密钥生成上。

An error occurred during a connection to homeserver.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

有人发现以下配置文件有问题吗?

/etc/apache2/站点可用/默认-ssl

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName homeserver
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        LogLevel warn

        CustomLog /var/log/apache2/ssl_access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        SSLEngine on

        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key

        SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

/etc/apache2/ports.conf

NameVirtualHost *:80
Listen 80
Listen 443

#<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    #Listen 443
#</IfModule>

/etc/hosts

127.0.0.1       localhost
127.0.0.1       homeserver
#192.168.1.109  homeserver #tried this but it didn't work

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

/etc/主机名

homeserver
#192.168.1.109

答案1

我忘了启用 ssl 模式。我对 linux/apache 还不熟悉。这个命令起了作用:

sudo a2enmod ssl

答案2

这是旧的但有效的,因为它在搜索中排名很高...我还想提醒启用 SSL 站点:

# a2ensite
Your choices are: 000-default default-ssl
Which site(s) do you want to enable (wildcards ok)?
default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2

答案3

就我而言,证书文件是错误的: SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key

并且与服务器上的实际文件不匹配(人为错误:))

相关内容