Apache2 - SSL 不起作用

tag-icon tag-icon ssl apache-2.4 ssl-certificate mod-ssl
Apache2 - SSL 不起作用

我目前正在尝试安装 Comodo 通过 Namecheap 颁发的 SSL 证书。但是我目前遇到了问题。在错误日志中,我遇到了以下错误:

[Sun Apr 10 17:59:06.567045 2016] [mpm_prefork:notice] [pid 613] AH00169: caught SIGTERM, shutting down
[Sun Apr 10 17:59:07.662580 2016] [ssl:emerg] [pid 28664] AH02572: Failed to configure at least one certificate and key for my-domain.com:443
[Sun Apr 10 17:59:07.662679 2016] [ssl:emerg] [pid 28664] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned
[Sun Apr 10 17:59:07.662690 2016] [ssl:emerg] [pid 28664] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information
AH00016: Configuration Failed

我从Namecheap获得的文件如下:

  • 我的域名_com.crt
  • 我的域名_com.p7k
  • 我的域名_com.ca-bundle

我生成了一个 server.key 文件以及一个 server.csr 文件。

我的apache配置如下:

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerAdmin webmaster@localhost

    ServerName my-domain.com

    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    SSLCertificateChainFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.crt
    SSLCertificateKeyFile /etc/apache2/ssl.crt/server.key
    SSLCACertificateFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.ca-bundle

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

  </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

我已经在 apache 上设置了 SSL a2enmod ssl。我不太熟悉如何使用 apache 设置证书,因此如果您能提供任何帮助,我将不胜感激。

答案1

您缺少服务器证书,另一方面又复制了一些文件。我将使用下面的文件,假设 minecraft-multiplayer_com.ca-bundle 包含从服务器证书到根 CA 的证书链

SSLCertificateFile    /etc/apache2/ssl.crt/minecraft-multiplayer_com.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/server.key
SSLCertificateChainFile /etc/apache2/ssl.crt/minecraft-multiplayer_com.ca-bundle

答案2

刚刚在日志中出现了同样的错误,经过长时间的调试和验证,发现是SSLProtocol语句上的一个愚蠢错误。我不小心添加了-SSLv2一个没有意义的,但日志中的错误也是如此。删除它后一切正常。

相关内容