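Safari tells me that it can't open the page because it couldn't establish a secure connection to the server. Other browsers (Opera, Firefox), however, can open the page. Also, there is nothing in the Apache error log.
The certificate is self-signed and uses standard values (as shown here: http://www.knaupes.net/tutorial-ssl-zertifikat-selbst-erstellen-und-signieren/).
SSL configuration: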
SSLEngine on
#SSLInsecureRenegotiation on
SSLCertificateFile /home/gemeinde/certs/selfsigned/gemeinde.crt
SSLCertificateKeyFile /home/gemeinde/certs/selfsigned/gemeinde.key
#SSLCACertificateFile /home/gemeinde/certs/Platinum_G2.pem
#SSLOptions +StdEnvVars
<Location "/">
SSLOptions +StdEnvVars +OptRenegotiate
SSLVerifyClient optional
SSLVerifyDepth 10
</Location>
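Answer 1
I ran into a similar problem, and the only workable solution seemed to be enabling insecure SSL renegotiation (the second line in your configuration example, which is commented out). It seems Safari can't do secure renegotiation with client certificates, or something along those lines.
You can confirm this by setting the Apache LogLevel to debug and checking whether you see something like the following: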
[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(510): [client 192.168.1.225] Changed client verification type will force renegotiation, referer:
[Fri May 27 12:47:24 2011] [info] [client 192.168.1.225] Requesting connection re-negotiation, referer:
[Fri May 27 12:47:24 2011] [debug] ssl_engine_io.c(1920): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f099f75e870 [mem: 7f099f823de0]
[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(764): [client 192.168.1.225] Performing full renegotiation: complete handshake protocol (client does not support secure renegotiation), referer:
[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1916): OpenSSL: Handshake: start
[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: SSL renegotiate ciphers
[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: SSLv3 write hello request A
[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: SSLv3 flush data
[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: SSLv3 write hello request C
[Fri May 27 12:47:24 2011] [info] [client 192.168.1.225] Awaiting re-negotiation handshake, referer:
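The log check described in the answer above can be automated. This is an added example, not part of the original answer: a Python script that scans debug-level Apache error log lines for the renegotiation messages quoted above and lists the clients that renegotiated without secure renegotiation support, which shows who depends on `SSLInsecureRenegotiation` before it is switched on. The function names are hypothetical, and the `192.0.2.10` sample line is constructed; the other sample lines are copied from the excerpt above.

```python
import re
from collections import defaultdict

# Apache 2.2-style error log: [time] [level] optional file(line): [client ip] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:[\w.]+\(\d+\): )?"
    r"(?:\[client (?P<client>[^\]]+)\] )?"
    r"(?P<msg>.*)$"
)

# Message fragments taken from the log excerpt in the answer above.
MARKERS = {
    "forced": "Changed client verification type will force renegotiation",
    "requested": "Requesting connection re-negotiation",
    "legacy": "client does not support secure renegotiation",
}

def summarize(lines):
    """Count renegotiation events per client IP."""
    stats = defaultdict(lambda: dict.fromkeys(MARKERS, 0))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m.group("client"):
            continue  # OpenSSL state lines carry no [client ...] field
        for key, fragment in MARKERS.items():
            if fragment in m.group("msg"):
                stats[m.group("client")][key] += 1
    return dict(stats)

def legacy_clients(lines):
    """Clients that renegotiated without secure renegotiation support."""
    return sorted(ip for ip, c in summarize(lines).items() if c["legacy"])

# First four lines: from the excerpt above. Last line: constructed sample
# for a second client that renegotiates without the "legacy" message.
SAMPLE = [
    "[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(510): [client 192.168.1.225] Changed client verification type will force renegotiation, referer: ",
    "[Fri May 27 12:47:24 2011] [info] [client 192.168.1.225] Requesting connection re-negotiation, referer: ",
    "[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(764): [client 192.168.1.225] Performing full renegotiation: complete handshake protocol (client does not support secure renegotiation), referer: ",
    "[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1916): OpenSSL: Handshake: start",
    "[Fri May 27 12:47:30 2011] [info] [client 192.0.2.10] Requesting connection re-negotiation, referer: ",
]

if __name__ == "__main__":
    for ip, counts in summarize(SAMPLE).items():
        print(ip, counts)
    print("clients without secure renegotiation:", legacy_clients(SAMPLE))
```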