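I am trying to set up Apache (2.2.3) to run two SSL websites with different domains and IP addresses. Both websites work fine on port 80, but when I try to enable SSL for website 2 I get an ssl_error_bad_cert_domain error; website 2 picks up website 1's SSL certificate.
Here is my setup in httpd.conf: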
# Website1
NameVirtualHost 192.168.10.1:80
<VirtualHost 192.168.10.1:80>
DocumentRoot /var/www/html
ServerName www.website1.org
</VirtualHost>
NameVirtualHost 192.168.10.1:443
<VirtualHost 192.168.10.1:443>
SSLEngine On
SSLCertificateFile conf/ssl/website1.cer
SSLCertificateKeyFile conf/ssl/website1.key
</VirtualHost>
# Website2
NameVirtualHost 192.168.10.2:80
<VirtualHost 192.168.10.2:80>
DocumentRoot /var/www/html/chart
ServerName www.website2.org
</VirtualHost>
NameVirtualHost 192.168.10.2:443
<VirtualHost 192.168.10.2:443>
SSLEngine On
SSLCertificateFile conf/ssl/website2.cer
SSLCertificateKeyFile conf/ssl/website2.key
</VirtualHost>
Update: in reply to Shane (this does not fit in the comment box), here is the output of apachectl -S:
VirtualHost configuration:
192.168.10.2:80 is a NameVirtualHost
default server www.website2.org (/etc/httpd/conf/httpd.conf:1033)
port 80 namevhost www.website2.org (/etc/httpd/conf/httpd.conf:1033)
192.168.10.2:443 is a NameVirtualHost
default server bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1040)
port 443 namevhost bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1040)
192.168.10.1:80 is a NameVirtualHost
default server www.website1.org (/etc/httpd/conf/httpd.conf:1017)
port 80 namevhost www.website1.org (/etc/httpd/conf/httpd.conf:1017)
192.168.10.1:443 is a NameVirtualHost
default server bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1024)
port 443 namevhost bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1024)
wildcard NameVirtualHosts and _default_ servers:
_default_:443 192.168.10.1 (/etc/httpd/conf.d/ssl.conf:81)
Syntax OK
Answer 1
SSL virtual hosts are not NameVirtualHosts - they are IP-based virtual hosts.
Remove NameVirtualHost *:443 from your configuration.
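Answer 2
Please remove
NameVirtualHost 192.168.10.1:443
and
NameVirtualHost 192.168.10.2:443
It makes no sense to activate Apache's name-based virtual hosting feature for SSL/TLS connections, unless you want to use the SNI extension.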
Answer 3
Here is how I got it to work. I had to move the SSL configuration out of httpd.conf and set up both virtual hosts in ssl.conf.
httpd.conf
# Website1
<VirtualHost 192.168.10.1:80>
DocumentRoot /var/www/html
ServerName www.website1.org
</VirtualHost>
# Website2
<VirtualHost 192.168.10.2:80>
DocumentRoot /var/www/html/chart
ServerName www.website2.org
</VirtualHost>
ssl.conf
<VirtualHost 192.168.10.1:443>
DocumentRoot "/var/www/html/"
ServerAdmin [email protected]
ServerName www.website1.org
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/website1.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/website1.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost 192.168.10.2:443>
DocumentRoot "/var/www/html/chart/"
ServerAdmin [email protected]
ServerName www.website2.org
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/website2.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/website2.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
Answer 4
Try removing or commenting out the <VirtualHost _default_:443> block in /etc/httpd/conf.d/ssl.conf.
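The three conditions the answers point at can be read straight off the `apachectl -S` output quoted in the question. The following is an added example, not part of any answer: a small Python audit that flags them for port 443. The function name `audit` and the issue labels are made up for this illustration.

```python
import re

# Input: the `apachectl -S` output quoted in the question above.
SAMPLE = """\
VirtualHost configuration:
192.168.10.2:80 is a NameVirtualHost
default server www.website2.org (/etc/httpd/conf/httpd.conf:1033)
port 80 namevhost www.website2.org (/etc/httpd/conf/httpd.conf:1033)
192.168.10.2:443 is a NameVirtualHost
default server bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1040)
port 443 namevhost bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1040)
192.168.10.1:80 is a NameVirtualHost
default server www.website1.org (/etc/httpd/conf/httpd.conf:1017)
port 80 namevhost www.website1.org (/etc/httpd/conf/httpd.conf:1017)
192.168.10.1:443 is a NameVirtualHost
default server bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1024)
port 443 namevhost bogus_host_without_reverse_dns (/etc/httpd/conf/httpd.conf:1024)
wildcard NameVirtualHosts and _default_ servers:
_default_:443 192.168.10.1 (/etc/httpd/conf.d/ssl.conf:81)
Syntax OK
"""

NVH = re.compile(r"^(\S+):(\d+)\s+is a NameVirtualHost$")
NAMED = re.compile(r"^port\s+(\d+)\s+namevhost\s+(\S+)\s+\((.+)\)$")
CATCHALL = re.compile(r"^(_default_|\*):(\d+)\s+\S+\s+\((.+)\)$")

def audit(text, tls_port="443"):
    """Return (issue, address, config location) tuples for the TLS port."""
    findings, addr = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := NVH.match(line):
            addr = f"{m[1]}:{m[2]}"
            if m[2] == tls_port:  # answers 1 and 2: NameVirtualHost on 443
                findings.append(("namevirtualhost-on-tls", addr, None))
        elif (m := NAMED.match(line)) and m[1] == tls_port:
            # Name Apache 2.2 prints when the vhost has no ServerName and
            # reverse DNS for its address fails (answer 3 adds ServerName).
            if m[2] == "bogus_host_without_reverse_dns":
                findings.append(("missing-servername", addr, m[3]))
        elif (m := CATCHALL.match(line)) and m[2] == tls_port:
            # answer 4: a catch-all TLS vhost defined in another file
            findings.append(("catch-all-tls-vhost", f"{m[1]}:{m[2]}", m[3]))
    return findings

if __name__ == "__main__":
    for issue, where, loc in audit(SAMPLE):
        print(f"{issue:24} {where:18} {loc or ''}")
```

On a live server, pass the captured output of `apachectl -S` to `audit` in place of `SAMPLE`.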