我正在 Debian lenny 上设置 apache,但遇到了 SSL 问题。我看过无数教程,而且在 Ubuntu 服务器上也能使用,但 Debian 上我却无能为力。端口 80 (http) 工作正常,但端口 443 (https) 出现以下错误(在 Firefox 中)- homeserver 是我的主机名,我的 dhcp 分配的 ip 是 192.168.1.109。我觉得问题出在我的配置上,而不是证书/密钥生成上。
An error occurred during a connection to homeserver.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
有人发现以下配置文件有问题吗?
/etc/apache2/站点可用/默认-ssl
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName homeserver
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfModule>
/etc/apache2/ports.conf
NameVirtualHost *:80
Listen 80
Listen 443
#<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
#Listen 443
#</IfModule>
/etc/hosts
127.0.0.1 localhost
127.0.0.1 homeserver
#192.168.1.109 homeserver #tried this but it didn't work
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
/etc/主机名
homeserver
#192.168.1.109
答案1
我忘了启用 ssl 模式。我对 linux/apache 还不熟悉。这个命令起了作用:
sudo a2enmod ssl
答案2
这是旧的但有效的,因为它在搜索中排名很高...我还想提醒启用 SSL 站点:
# a2ensite
Your choices are: 000-default default-ssl
Which site(s) do you want to enable (wildcards ok)?
default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
systemctl reload apache2
答案3
就我而言,证书文件是错误的:
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
并且与服务器上的实际文件不匹配(人为错误:))