Apache httpd conf file configuration mismatch

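I have been facing a strange problem for the past three days; I did everything that needed to be done before posting the question here.

My httpd.conf looks like this: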

NameVirtualHost *:443
Listen *:443
<VirtualHost server1.example.com:443>
ServerName server1
#ServerName server1.example.com
SSSLEngine on
</VirtualHost>

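SSL is applied to server1.example.com, but when we access the site it only works with ServerName server1, and not with ServerName server1.example.com. There is no server1 in any of our configuration or network files.

So when we go to https://server1.example.com/xyz/ --- it works with ServerName server1, but it does not work with ServerName server1.example.com.

Where is the problem here? I don't understand. There is no server1 anywhere in /etc/hosts or /etc/sysconfig/network; not even in DNS.

Please advise.

This is what we get in the error log: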

[Thu Nov 24 11:40:14 2016] [warn] RSA server certificate CommonName (CN) `server1.example.com' does NOT match server name!?
[Thu Nov 24 11:40:14 2016] [notice] Digest: generating secret for digest authentication ...
[Thu Nov 24 11:40:14 2016] [notice] Digest: done
[Thu Nov 24 11:40:14 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:40:14 2016] [warn] RSA server certificate CommonName (CN) `server1.example.com' does NOT match server name!?
[Thu Nov 24 11:40:14 2016] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Thu Nov 24 11:49:47 2016] [notice] caught SIGTERM, shutting down
[Thu Nov 24 11:49:47 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Nov 24 11:49:47 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:49:47 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Nov 24 11:49:47 2016] [warn] RSA server certificate CommonName (CN) `server1' does NOT match server name!?
[Thu Nov 24 11:49:47 2016] [notice] Digest: generating secret for digest authentication ...
[Thu Nov 24 11:49:47 2016] [notice] Digest: done
[Thu Nov 24 11:49:47 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:49:47 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Nov 24 11:49:47 2016] [warn] RSA server certificate CommonName (CN) `server1' does NOT match server name!?
[Thu Nov 24 11:49:47 2016] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations
[Thu Nov 24 11:55:19 2016] [notice] caught SIGTERM, shutting down
[Thu Nov 24 11:55:20 2016] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Thu Nov 24 11:55:20 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:55:20 2016] [warn] RSA server certificate CommonName (CN) `server1.example.com' does NOT match server name!?
[Thu Nov 24 11:55:20 2016] [notice] Digest: generating secret for digest authentication ...
[Thu Nov 24 11:55:20 2016] [notice] Digest: done
[Thu Nov 24 11:55:20 2016] [notice] SSL FIPS mode disabled
[Thu Nov 24 11:55:20 2016] [warn] RSA server certificate CommonName (CN) `server1.example.com' does NOT match server name!?
[Thu Nov 24 11:55:20 2016] [notice] Apache/2.2.3 (Red Hat) configured -- resuming normal operations

Answer 1

Try

<VirtualHost *:443>
ServerName server1.example.com
ServerAlias server1
SSLEngine on
</VirtualHost>

You want the wildcard in the VirtualHost statement to turn off IP-based vhost mapping. http://httpd.apache.org/docs/2.4/vhosts/name-based.html

Note the fixed line (SSLEngine instead of SSSLEngine).

Answer 2

ServerName server1.example.com
ServerAlias server1

Answer 3

Try changing your configuration to:

NameVirtualHost *:443
Listen *:443
<VirtualHost *:443>
ServerName server1.example.com
ServerAlias server1
SSLEngine on
</VirtualHost>

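I tend to avoid using hostnames in VirtualHost directives. If any aspect of DNS or the hostname lookup process fails (whether on your server or on the DNS servers your server points to/uses), and Apache cannot determine what server1.example.com resolves to at initial startup, it will not load the virtual host configuration.

Second, ServerName is the string shown in error pages (404 Not Found, 500 Internal Error, etc.) and the "primary name" of your site, so I tend to use the fully qualified hostname for ServerName. If I need the site to be reachable by other names, I add those (one or more) with the ServerAlias directive (you can have multiple ServerAlias lines or give multiple names per ServerAlias line).

But since this is SSL, I strongly suspect you will find a certificate mismatch when accessing it via server1, though it should still work if you ignore the browser security warning.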
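The checks discussed in the answers above can be run over a config before restarting httpd. The following is an added example, not code from the question or any answer: the two sample configs are constructed from the snippets on this page, `cert_names` is an assumed set of names the certificate covers, and the parser assumes one address per `<VirtualHost>` line.

```python
import re

# Constructed sample inputs: the question's vhost and the layout the answers suggest.
QUESTION_CONF = """\
<VirtualHost server1.example.com:443>
ServerName server1
SSSLEngine on
</VirtualHost>
"""
ANSWER_CONF = """\
<VirtualHost *:443>
ServerName server1.example.com
ServerAlias server1
SSLEngine on
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return one dict per <VirtualHost> block: address, names, directives."""
    vhosts, cur = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            cur = {"addr": m.group(1).strip(), "names": [], "directives": set()}
        elif re.match(r"</VirtualHost>", line, re.I):
            vhosts.append(cur)
            cur = None
        elif cur is not None:
            key, *args = line.split()
            cur["directives"].add(key.lower())
            if key.lower() in ("servername", "serveralias"):
                cur["names"] += [a.lower() for a in args]
    return vhosts

def audit(conf, cert_names):
    """Flag the three problems discussed on this page for each vhost."""
    findings = []
    for vh in parse_vhosts(conf):
        host = vh["addr"].rsplit(":", 1)[0]
        if host != "*" and not re.fullmatch(r"[\d.]+|\[[0-9a-fA-F:]+\]", host):
            findings.append(("hostname-in-vhost-address", host))
        if vh["addr"].endswith(":443") and "sslengine" not in vh["directives"]:
            findings.append(("no-sslengine", vh["addr"]))
        for name in vh["names"]:
            if name not in cert_names:
                findings.append(("name-not-in-cert", name))
    return findings
```

With a certificate that covers only `server1.example.com`, the suggested layout still reports `server1` as not covered, which is the browser warning Answer 3 anticipates for the short name.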
