我有两个虚拟主机,并使用两个证书 . 虽然未在以下httpd.conf文件中指出,但我使用* .example.com以及* .sites.example.com,因此需要两个证书 . 访问https://bla.sites.example.com/时,浏览器显示以下警告:
bla.sites.example.com uses an invalid security certificate.
The certificate is only valid for the following names: *.example.com, example.com
(Error code: ssl_error_bad_cert_domain)
如果我删除了第一个重定向到www.example.com的VirtualHost,我就不会收到警告 .
为什么会这样,我应该如何为不同的VirtualHosts使用多个CA证书?
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
#Following certificate is good for example.com and *.example.com
SSLCertificateFile /etc/pki/tls/certs/example_startssl_class2.crt
SSLCertificateChainFile /etc/pki/tls/certs/sub.class2.server.ca.pem
RewriteEngine on
RewriteRule .* https://www.example.com%{REQUEST_URI} [NE,R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias *.sites.example.com
ErrorDocument 404 /error-404.html
DocumentRoot /var/www/example/html_sites
SSLEngine on
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
#Following certificate is good for example.com, sites.example.com and *.sites.example.com
SSLCertificateFile /etc/pki/tls/certs/example_startssl_sites_class2.crt
SSLCertificateChainFile /etc/pki/tls/certs/sub.class2.server.ca.pem
<Directory "/var/www/example/html_sites">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
请注意,我在/etc/httpd/conf.d/ssl.conf中有以下设置:
#Following certificate is good for example.com and *.example.com
SSLCertificateFile /etc/pki/tls/certs/example_startssl_class2.crt
SSLCACertificateFile /etc/pki/tls/certs/example_startssl_class2.crt
SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
SSLCertificateChainFile /etc/pki/tls/certs/sub.class2.server.ca.pem
1 回答
您的VHOST设置不正确 . 你们两个都指向
ServerName example.com
它们都应该具有不同的特定
ServerName
和不同的文档根 . 然后apache将知道将请求发送到正确的vhost的位置,您将不会收到该错误 .You can see more configuration help here. Multiple Certs using SNI
由于它们是两种不同的证书,因此您的虚拟主机看起来应该是这样的 .
还要记住在进行更改时重新启动apache .