(我从 stackoverflow 复制了这个问题,因为 PHP 问题可能更适合这个地方)
我需要在带有 PHP 的 Apache 2 Web 服务器上运行 OpenSSL,以便将 Moodle 和 Mahara 与 SSO 结合使用。
服务器运行的是 Ubuntu 10.04.3,我已经按照说明启用了 SSL 包这里。我也关注了这些设置证书的步骤。手动创建证书很有效。
但是,Mahara 认为 OpenSSL 配置不正确:
无法生成新的 SSL 密钥。您确定这台机器上安装了 openssl 和 openssl 的 PHP 模块吗?
这是启动服务器后的 Apache error.log 中的内容:
[Thu Aug 25 10:38:06 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 25 10:38:06 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 25 10:38:06 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/apache2/conf.d/imap.ini on line 1 in Unknown on line 0
[Thu Aug 25 10:38:06 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 25 10:38:06 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 25 10:38:06 2011] [warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Thu Aug 25 10:38:06 2011] [notice] Apache/2.2.14 (Ubuntu) mod_ssl/2.2.14 OpenSSL/0.9.8k configured -- resuming normal operations
这是我访问 Maharas 网络页面时得到的提示,它说找不到 OpenSSL:
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] [WAR] 6d (api/xmlrpc/lib.php:1324) openssl_csr_new(): dn: add_entry_by_NID 17 -> Mahara for example.com (failed), referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] Call stack (most recent first):, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * log_message("openssl_csr_new(): dn: add_entry_by_NID 17 -> Maha...", 8, true, true, "/var/www/mahara/api/xmlrpc/lib.php", 1324) at /var/www/mahara/lib/errors.php:446, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * error(2, "openssl_csr_new(): dn: add_entry_by_NID 17 -> Maha...", "/var/www/mahara/api/xmlrpc/lib.php", 1324, array(size 11)) at Unknown:0, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * openssl_csr_new(array(size 7), resource(#22), array(size 1)) at /var/www/mahara/api/xmlrpc/lib.php:1324, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->generate_keypair() at /var/www/mahara/api/xmlrpc/lib.php:1238, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->get_keypair() at /var/www/mahara/api/xmlrpc/lib.php:1145, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->__construct() at /var/www/mahara/api/xmlrpc/lib.php:1131, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo::singleton() at /var/www/mahara/admin/site/networking.php:56, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] , referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] [WAR] 6d (api/xmlrpc/lib.php:1328) Could not generate a new SSL key. Are you sure that both openssl and the PHP module for openssl are installed on this machine?, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] Call stack (most recent first):, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->generate_keypair() at /var/www/mahara/api/xmlrpc/lib.php:1238, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->get_keypair() at /var/www/mahara/api/xmlrpc/lib.php:1145, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo->__construct() at /var/www/mahara/api/xmlrpc/lib.php:1131, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] * OpenSslRepo::singleton() at /var/www/mahara/admin/site/networking.php:56, referer: http://example.com/mahara/admin/
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] , referer: http://example.com/mahara/admin/
我不太明白。到底哪里出了问题?
编辑:只需澄清一下:问题似乎出在 PHP 上,Apache 似乎没问题:Apache/2.2.14 (Ubuntu) mod_ssl/2.2.14 OpenSSL/0.9.8k configured -- resuming normal operations
答案1
使用标准 https 查看服务器上的文件,是否会产生任何 SSL 错误消息?如果会产生,则意味着您的证书设置不正确。如果没有错误,我不知道发生了什么,除非有创建它们的二级限制。
答案2
啊啊啊啊,真是个愚蠢的问题。我刚刚找到了解决方案。问题是这样的:
[Thu Aug 25 10:45:26 2011] [error] [client xx.xx.xx.xx] [WAR] 6d (api/xmlrpc/lib.php:1324) openssl_csr_new(): dn: add_entry_by_NID 17 -> Mahara for example.com (failed), referer: http://example.com/mahara/admin/
它不是“Mahara for example.com”(这是我在 Mahara 设置中设置为站点名称的字符串),而是简单地期望“example.com”