移动 IP 时是否需要重新颁发/重新生成证书?

tag-icon tag-icon linux ssl ssl-certificate certificate certificate-authority
移动 IP 时是否需要重新颁发/重新生成证书?

这些错误是否与将网站移动到新 IP 并保留相同的 SSL CERT 有关?

我需要重新生成/签名来修复此问题吗?

[Sun Jun 22 07:13:11.054280 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00292: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Jun 22 07:13:11.054328 2014] [core:notice] [pid 2775:tid 2803123869632] AH00094: Command line: '/usr/local/apache/bin/httpd -D SSL'
[Sun Jun 22 08:11:52.651176 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00297: SIGUSR1 received.  Doing graceful restart
[Sun Jun 22 08:11:53.000801 2014] [ssl:warn] [pid 2775:tid 2803123869632] AH01906: web.nj.sitename.com:443:0 server certificate is a CA certificate (BasicConstraints : CA == TRUE !?)
[Sun Jun 22 08:11:53.000838 2014] [ssl:error] [pid 2775:tid 2803123869632] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
[Sun Jun 22 08:11:53.000844 2014] [ssl:error] [pid 2775:tid 2803123869632] AH02567: Unable to configure certificate web.nj.sitename.com:443:0 for stapling
[Sun Jun 22 08:11:53.001476 2014] [ssl:warn] [pid 2775:tid 2803123869632] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Jun 22 08:11:53.068215 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00292: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Jun 22 08:11:53.068256 2014] [core:notice] [pid 2775:tid 2803123869632] AH00094: Command line: '/usr/local/apache/bin/httpd -D SSL'
[Sun Jun 22 09:10:23.035351 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00297: SIGUSR1 received.  Doing graceful restart
[Sun Jun 22 09:10:24.000899 2014] [ssl:warn] [pid 2775:tid 2803123869632] AH01906: web.nj.sitename.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Sun Jun 22 09:10:24.000935 2014] [ssl:error] [pid 2775:tid 2803123869632] AH02217: ssl_stapling_init_cert: Can't retrieve issuer certificate!
[Sun Jun 22 09:10:24.000941 2014] [ssl:error] [pid 2775:tid 2803123869632] AH02567: Unable to configure certificate web.nj.sitename.com:443:0 for stapling
[Sun Jun 22 09:10:24.001574 2014] [ssl:warn] [pid 2775:tid 2803123869632] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Sun Jun 22 09:10:24.157294 2014] [mpm_worker:notice] [pid 2775:tid 2803123869632] AH00292: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.9 configured -- resuming normal operations
[Sun Jun 22 09:10:24.157326 2014] [core:notice] [pid 2775:tid 2803123869632] AH00094: Command line: '/usr/local/apache/bin/httpd -D SSL'

答案1

不,通常 SSL 证书与服务器的通用名称(即 DNS 名称)相关联。
更改 www.example.com 的 IP 地址不会不使无效www.example.com 的证书。

您的错误信息服务器证书是CA证书建议您复制了错误的证书或配置错误,现在SSLCertificateFile指向实际上是的SSLCertificateChainFile或的SSLCACertificateFile

openssl x509 -in file.cert -noout -text

将以明文形式显示证书的属性,帮助您调试。

相关内容