Adding a second SSL certificate for a second domain on the server - the second domain is still served with the first SSL certificate

I need to add an SSL certificate to a second domain on my server (AWS Amazon Linux).

I thought I had enabled SNI correctly? Although maybe not...

domain1 already has a working SSL certificate.
On the first attempt I got stuck in a redirect loop. On the second (current) attempt, the /users/login/ directory returns 403/Forbidden.

httpd -v
Server version: Apache/2.2.29 (Unix)

Base httpd.conf: ... LoadModule ssl_module modules/mod_ssl.so

Listen 80
NameVirtualHost *:80
Listen 443
NameVirtualHost *:443
...

domain1.conf:

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

<VirtualHost *:443>

   ServerAdmin [email protected]
   ServerName domain1.com

   SSLEngine On
   SSLProtocol all -SSLv2

   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

   SSLCertificateFile /var/www/domain1.com/apache_includes/secure/domain1.com.crt
   SSLCertificateKeyFile /var/www/domain1.com/apache_includes/secure/domain1.com.key
   SSLCertificateChainFile /var/www/domain1.com/apache_includes/secure/gd_bundle.crt

   ProxyPreserveHost On

   RequestHeader set X-Forwarded-Protocol https
   ProxyPass / http://127.0.0.1/

   SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

</VirtualHost>

domain2.conf:

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

<VirtualHost *:443>

   ServerAdmin [email protected]

   ServerName domain2.com
   # prob don't need this.... (Apache 2.2 has no inline comments, so the remark must sit on its own line)
   ServerAlias www.domain2.com

   SSLEngine On
   SSLStrictSNIVHostCheck on
   SSLProtocol all -SSLv2

   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

   SSLCertificateFile /var/www/domain2.com/apache_includes/secure/domain2.crt
   SSLCertificateKeyFile /var/www/domain2.com/apache_includes/secure/domain2.key
   SSLCertificateChainFile /var/www/domain2.com/apache_includes/secure/bundle.crt

   ProxyPreserveHost On

   RequestHeader set X-Forwarded-Protocol https
   ProxyPass / http://127.0.0.1/

   SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

</VirtualHost>

Answer 1

In Apache 2.2, the NameVirtualHost directive must match the <VirtualHost> blocks (hence <VirtualHost *:443> is used for both blocks).

The ServerName and ServerAlias directives inside the <VirtualHost> blocks are used to select which block serves a given incoming request.
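One way to check from the outside whether SNI is really selecting the second vhost, as an added example that is not part of the question or answer: it connects once per ServerName, sends that name via SNI and reports which names the served certificate covers, so the symptom in the question (domain1's certificate coming back for domain2) shows up as a name the certificate does not cover. The server address, port and hostnames are assumptions.

```python
"""Probe which certificate an Apache SNI vhost presents for each ServerName.
Added example; the address, port and hostnames below are assumptions."""
import socket
import ssl


def cert_names(cert):
    """DNS names a getpeercert()-style dict vouches for: subjectAltName
    dNSName entries plus the subject commonName, lower-cased."""
    names = {v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"}
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value.lower())
    return names


def cert_covers(cert, hostname):
    """True if the certificate matches hostname, honouring one left-most
    wildcard label (*.domain2.com matches www.domain2.com, not domain2.com)."""
    hostname = hostname.lower()
    for name in cert_names(cert):
        if name == hostname:
            return True
        if name.startswith("*.") and "." in hostname:
            if hostname.split(".", 1)[1] == name[2:]:
                return True
    return False


def probe_sni(address, server_name, port=443):
    """Connect to address, send server_name in the TLS SNI extension and
    return the peer certificate. Hostname checking is switched off so a
    mismatched certificate is returned instead of raising; the chain is
    still verified against the system CAs (a self-signed cert will raise)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((address, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    SERVER = "203.0.113.10"  # assumed server address (documentation range)
    for name in ("domain1.com", "domain2.com", "www.domain2.com"):
        cert = probe_sni(SERVER, name)
        verdict = "OK" if cert_covers(cert, name) else "WRONG CERT"
        print(f"{name:20} -> {sorted(cert_names(cert))} {verdict}")
```

If domain2.com reports WRONG CERT with domain1's names, the request never reached the second <VirtualHost *:443>, which points at the NameVirtualHost/ServerName selection rather than at the certificate files.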
