在 Apache 上设置 SSL

该证书是自签名的，并使用

openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout private.key -out public.crt

要求

http://domain.com - HTTP 200
https://domain.com - HTTP 404

httpd配置文件

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    ServerName domain.com
    DocumentRoot /var/www/domain.com/public/api
</VirtualHost>

<VirtualHost *:443>
    ServerName domain.com
    DocumentRoot /var/www/domain.com/public/api

    SSLEngine on
    SSLCertificateFile /var/ini/ssl/domain.com/public.crt
    SSLCertificateKeyFile /var/ini/ssl/domain.com/private.key
</VirtualHost>

Apache 模块

# apache2ctl -M
[Tue Oct 08 11:09:38 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
[Tue Oct 08 11:09:38 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
Loaded Modules:
...
 ssl_module (shared)
Syntax OK

日志

[Tue Oct 08 12:36:34 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 08 12:36:34 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 08 13:14:13 2013] [info] Loading certificate & private key of SSL-aware server
[Tue Oct 08 13:14:13 2013] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Tue Oct 08 13:14:14 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 08 13:14:14 2013] [info] Configuring server for SSL protocol
[Tue Oct 08 13:14:14 2013] [debug] ssl_engine_init.c(469): Creating new SSL context (protocols: SSLv3, TLSv1, TLSv1.1, TLSv1.2)
[Tue Oct 08 13:14:14 2013] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Tue Oct 08 13:14:14 2013] [debug] ssl_engine_init.c(836): Configuring RSA server certificate
[Tue Oct 08 13:14:14 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 08 13:14:14 2013] [debug] ssl_engine_init.c(875): Configuring RSA server private key