我正在配置 SSL 以在 RHEL7 上与 Apache 2.4 一起运行。正如预期的那样,在添加 SSL 配置之前,httpd 成功启动。添加证书和配置文件后,启动失败,并显示消息“PAM 无法 dlopen(/usr/lib64/security/pam_lsass.so)”。我找不到有关 PAM 和 SSL 之间关系的任何文档。我的配置文件是:
SSL CONFIGURATION FILE
Listen 443 https
SSLPassPhraseDialog exec:/etc/httpd/conf.d/getpass
<VirtualHost XXX.121.XXX.85:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel debug
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:+MEDIUM:!SSLv2:!EXP:!ADH:!aNULL:!eNULL:!NULL
SSLCertificateFile /etc/pki/tls/certs/tsl.crt
SSLCertificateKeyFile /etc/pki/tls/private/tsl.key
SSLCACertificateFile /etc/pki/tls/GE_bundle.cer
SSLVerifyClient
</VirtualHost>
HTTPD CONFIGURATION FILE
ServerRoot "/etc/httpd"
Timeout 60
Listen XXX.121.XXX.85:80
Header set X-Frame-Options "deny"
Include conf.d/*.conf
SetOutputFilter DEFLATE
User apache
Group apache
ServerSignature Off
FileETag None
TraceEnable Off
ServerAdmin [email protected]
ServerName ms.example.com:80
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
Options -Indexes -FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options -Indexes -FollowSymLinks -Includes
FileETag None
<LimitExcept GET POST HEAD>
Require all denied
</LimitExcept>
AllowOverride None
Require all granted
</Directory>
<Directory "/tsl">
Options +ExecCGI -Indexes -Includes
AllowOverride None
FileETag None
<Limit GET POST OPTIONS>
Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
Require all denied
</LimitExcept>
</Directory>
<Directory "/var/www/cgi-bin/evm">
AllowOverride None
Options None
Require all granted
FileETag None
</Directory>
<Directory "/var/www/cgi-bin/test">
AllowOverride None
FileETag None
Options None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel debug
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
Alias /icons/ "/var/www/icons/"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ScriptAlias /utilities/ "/tsl/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
FileETag None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler cgi-script .cgi
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
谢谢