Apache SSL not working remotely

I'm trying to set up apache2.2 with ssl, but I'm having problems connecting to it remotely.

My Virtualhost looks like this:
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/ssl/localcerts/host1/apache.pem

    ServerName mail.host1.net

    DocumentRoot /usr/share/squirrelmail
    <Directory />
            Options -Indexes
            AllowOverride All
    </Directory>

    ErrorLog /var/log/apache2/mail.host1.log
    LogLevel warn

    CustomLog /var/log/apache2/mail.host1-access.log combined

    ServerSignature Off
</VirtualHost>

I created the ssl files using this tutorial: http://wiki.debian.org/Self-Signed_Certificate

When I connect locally:

server ~ openssl s_client -connect localhost:443
CONNECTED(00000003)
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
---
No client certificate CA names sent
---
SSL handshake has read 1265 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: [...]
    Session-ID-ctx: 
    Master-Key: [...]
    Key-Arg   : None
    Start Time: 1357993878
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
closed

But when I do this remotely:

[13:27:05:gentoo@~/]openssl s_client -connect mail.host1.net:443
CONNECTED(00000003)
139720085706408:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 322 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Nmap tells me that port 443 is open.

When I connect to my site via http://mail.host1.net:443 it works, but SSL doesn't.

Hope someone can help.

The logs only say:

[Sat Jan 12 19:25:50 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sat Jan 12 19:25:50 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

Answer 1

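You also need SSLCertificateKeyFile pointing to the private key. But that doesn't explain why you get a valid SSL connection on localhost - it sounds like you may still have some old configuration lying around.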

Did you fully restart Apache after changing the SSL configuration? Can you provide the output of apachectl -S?
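
The question reports that http://mail.host1.net:443 works while the TLS handshake reads 0 bytes. The probe below is an added example, not part of the original question or answer: it tells whether a listener answers a TLS handshake or cleartext HTTP. The function name probe_listener and its return values are assumptions made for this illustration.

```python
import socket
import ssl


def probe_listener(host, port, timeout=5.0):
    """Return (kind, detail); kind is 'tls', 'plain-http' or 'unknown'."""
    # Step 1: attempt a TLS handshake. Certificate verification is switched
    # off because the server in the question uses a self-signed certificate
    # and only the protocol spoken on the port matters for this diagnosis.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "tls", tls.version()
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        pass
    # Step 2: the handshake failed, so send a cleartext HTTP request to the
    # same port and look for an HTTP status line in the reply.
    request = b"HEAD / HTTP/1.0\r\nHost: " + host.encode("ascii") + b"\r\n\r\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            raw.sendall(request)
            reply = raw.recv(64)
    except OSError as exc:
        return "unknown", str(exc)
    if reply.startswith(b"HTTP/"):
        # mod_ssl answers cleartext on a TLS port with status 400, so a 400
        # here does not prove the vhost is running without SSLEngine.
        return "plain-http", reply.split(b"\r\n")[0].decode("latin-1")
    return "unknown", "no HTTP status line"


if __name__ == "__main__":
    # mail.host1.net is the hostname used in the question.
    print(probe_listener("mail.host1.net", 443))
```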
