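We ran into this seemingly simple configuration problem on Apache 2.4. When using the virtual host site2.net, we cannot seem to get the correct certificate. We always get the certificate for site1.net. Here is our apachectl -S: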
VirtualHost configuration:
*:446 is a NameVirtualHost
default server site1.net (/opt/rh/httpd24/root/etc/httpd/sites-enable/site1.conf:3)
port 446 namevhost site1.net (/opt/rh/httpd24/root/etc/httpd/sites-enable/site1.conf:3)
port 446 namevhost site2.net (/opt/rh/httpd24/root/etc/httpd/sites-enable/site2.conf:3)
*:444 other.net (/opt/rh/httpd24/root/etc/httpd/sites-enable/other.conf:2)
Here are the VH configurations:
$ cat /opt/rh/httpd24/root/etc/httpd/sites-enable/site1.conf
<VirtualHost *:446>
ServerName site1.net
DocumentRoot /www/site1
<Directory /www/site1>
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateKeyFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site1.key
SSLCertificateFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site1.pem
</VirtualHost>
$ cat /opt/rh/httpd24/root/etc/httpd/sites-enable/site2.conf
<VirtualHost *:446>
ServerName site2.net
DocumentRoot "/www/site1/xyz"
<Directory "/www/site1/xyz">
AllowOverride All
Require all granted
Options -Indexes
</Directory>
SSLCertificateKeyFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site2.key
SSLCertificateFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site2.pem
</VirtualHost>
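The conf file /opt/rh/httpd24/root/etc/httpd/conf.d/ssl.conf defines no VirtualHost. If we swap the certificates and let the first virtual host load the second certificate, we see it correctly (i.e. the certificates themselves are fine).
We are testing with openssl s_client -connect myip:446 -servername site2.net
Why does this strange behavior occur? Many thanks!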
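
An added example, not part of the original post: a small Python check that parses the two VirtualHost blocks shown above and reports, for each vhost sharing an address:port, which mod_ssl directives it lacks compared with its siblings. The function names and the embedded sample (the post's listings with the Directory blocks left out) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# mod_ssl directives compared across vhosts on the same address:port.
TLS_DIRECTIVES = ("SSLEngine", "SSLCertificateFile", "SSLCertificateKeyFile")

# Constructed sample: site1.conf and site2.conf from the post, Directory blocks omitted.
SAMPLE_CONF = """
<VirtualHost *:446>
ServerName site1.net
SSLEngine on
SSLCertificateKeyFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site1.key
SSLCertificateFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site1.pem
</VirtualHost>
<VirtualHost *:446>
ServerName site2.net
SSLCertificateKeyFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site2.key
SSLCertificateFile /opt/rh/httpd24/root/etc/httpd/conf/certs/site2.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(text):
    """Return one dict per vhost: address, ServerName and the TLS directives it sets."""
    vhosts = []
    for addr, body in VHOST_RE.findall(text):
        vh = {"address": addr.strip(), "ServerName": None}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) != 2 or parts[0].startswith(("#", "<")):
                continue  # blank lines, comments, nested section tags
            name, value = parts[0].lower(), parts[1].strip().strip('"')
            if name == "servername":
                vh["ServerName"] = value
            for directive in TLS_DIRECTIVES:  # directive names are case-insensitive
                if name == directive.lower():
                    vh[directive] = value
        vhosts.append(vh)
    return vhosts

def tls_differences(vhosts):
    """Map each shared address to {ServerName: directives set by a sibling but not here}."""
    by_addr = defaultdict(list)
    for vh in vhosts:
        by_addr[vh["address"]].append(vh)
    report = {}
    for addr, group in by_addr.items():
        if len(group) > 1:
            seen = {d for vh in group for d in TLS_DIRECTIVES if d in vh}
            report[addr] = {vh["ServerName"]: sorted(seen - set(vh)) for vh in group}
    return report
```

The check only looks inside VirtualHost blocks; it does not follow Include lines or account for directives set at server level outside any vhost.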