Fatal编程技术网
  • apache/
  • Apache 如何将不同的SSL证书应用于同一IP上的不同域?

Apache 如何将不同的SSL证书应用于同一IP上的不同域?

apache ssl

Apache 如何将不同的SSL证书应用于同一IP上的不同域?,apache,ssl,virtualhost,Apache,Ssl,Virtualhost,如何将不同的SSL证书应用于同一IP、同一服务器和同一虚拟主机上的不同域(我使用的是apache 2.2)?现在它不工作,需要在Apache2.2上使用单个virtualhost 贝娄,你有我正在尝试的东西: <VirtualHost *:80> ServerName main_url.com ServerAlias *.main_url.com DocumentRoot /app_path <Directory "/app_path"> Opti

如何将不同的SSL证书应用于同一IP、同一服务器和同一虚拟主机上的不同域(我使用的是apache 2.2)?现在它不工作,需要在Apache2.2上使用单个virtualhost

贝娄,你有我正在尝试的东西:

<VirtualHost *:80>
  ServerName main_url.com
  ServerAlias *.main_url.com
  DocumentRoot /app_path
  <Directory "/app_path">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>



NameVirtualHost *:443

<VirtualHost *:443>
  ServerName main_url.com
  ServerAlias *.main_url.com
  DocumentRoot /app_path
  <Directory "/app_path">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  SSLEngine on
  SSLCertificateFile /certs/main_url_com.crt
  SSLCertificateKeyFile /certs/main_url_com.key
  SSLCertificateChainFile /certs/main_url_com.ca-bundle
</VirtualHost>

<VirtualHost *:80>
  ServerName url_site1.com
  Redirect permanent / https://url_site1.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName url_site1.com
  DocumentRoot /app_path
  <Directory "/app_path">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  SSLEngine on
  SSLCertificateFile /certs/url_site1.crt
  SSLCertificateKeyFile /certs/url_site1.key
  SSLCertificateChainFile /certs/url_site1.ca-bundle
</VirtualHost>


<VirtualHost *:80>
  ServerName url_site2.com
  Redirect permanent / https://url_site2.dk/
</VirtualHost>

<VirtualHost *:443>
  ServerName url_site2.com
  DocumentRoot /app_path
  <Directory "/app_path">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  SSLEngine on
  SSLCertificateFile /certs/url_site2.crt
  SSLCertificateKeyFile /certs/url_site2.key
  SSLCertificateChainFile /certs/url_site2.ca-bundle
</VirtualHost>


ServerName main_url.com
ServerAlias*.main_url.com
DocumentRoot/app\u路径
选项如下符号链接
不允许超限
命令允许,拒绝
通融
名称虚拟主机*:443
ServerName main_url.com
ServerAlias*.main_url.com
DocumentRoot/app\u路径
选项如下符号链接
不允许超限
命令允许,拒绝
通融
斯伦金安
SSLCertificateFile/certs/main\u url\u com.crt
SSLCertificateKeyFile/certs/main_url_com.key
SSLCertificateChainFile/certs/main\u url\u com.ca-bundle
服务器名url_site1.com
重定向永久/https://url_site1.com/
服务器名url_site1.com
DocumentRoot/app\u路径
选项如下符号链接
不允许超限
命令允许,拒绝
通融
斯伦金安
SSLCertificateFile/certs/url\u site1.crt
SSLCertificateKeyFile/certs/url\u site1.key
SSLCertificateChainFile/certs/url\u site1.ca-bundle
服务器名url_site2.com
重定向永久/https://url_site2.dk/
服务器名url_site2.com
DocumentRoot/app\u路径
选项如下符号链接
不允许超限
命令允许,拒绝
通融
斯伦金安
SSLCertificateFile/certs/url\u site2.crt
SSLCertificateKeyFile/certs/url\u site2.key
SSLCertificateChainFile/certs/url\u site2.ca-bundle
一切帮助都将不胜感激

多谢各位

Fabio

如果您熟悉服务器配置,这非常容易。请遵循下面提到的步骤,你一定会达到你想要的

1。您必须为两个域创建两个不同的目录。

mkdir -p /etc/apache2/ssl/example1.com
mkdir -p /etc/apache2/ssl/example2.com
2。接下来,您必须激活SSL模式

sudo a2enmod ssl
sudo service apache2 restart
3。为第一个域创建自签名SSL证书

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example1.com/apache.key –out /etc/apache2/ssl/example1.com/apache.crt
4。然后填写您要求的详细信息,如:-

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Clifornia
Locality Name (eg, city) []:Los Angeles
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AFffas LLC
Organizational Unit Name (eg, section) []:Dept of marketing
Common Name (e.g. server FQDN or YOUR name) []:example1.com                  
Email Address []:johndoe@example1.com
5。第二步(example2.com)采取同样的步骤

6。现在需要创建虚拟主机

sudo nano /etc/apache2/sites-available/example1.com
sudo nano /etc/apache2/sites-available/example2.com

sudo a2ensite example1.com
sudo a2ensite example2.com
接下来打开每个文件并粘贴到下面的配置中。此配置是两个单独配置文件的简化版本:默认虚拟服务器配置文件位于/etc/apache2/sites available/default,默认SSL配置位于/etc/apache2/sites available/default SSL

此配置包含一个重要的更改,有助于实现多个SSL证书。而默认SSL配置有以下行,指定一个证书作为服务器的默认证书

<VirtualHost _default_:443>
之后,只需重新启动apache

sudo service apache2 restart
现在,您应该能够访问这两个站点,每个站点都有自己的域名和SSL证书。

您可能需要检查OpenSSL安装是否支持SNI:。除此之外,配置非常简单,因为您不需要执行任何与基于ip/端口的设置不同的操作。如果您能解释提问者在设置中出错的地方,这将非常有用。您好!我认为提问者需要让服务器监听端口443,以便在同一台服务器上处理多个证书。请看一下第7步 
sudo nano /etc/apache2/ports.conf 


NameVirtualHost *:80
NameVirtualHost *:443

Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to 
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

sudo a2ensite example1.com
sudo a2ensite example2.com

sudo service apache2 restart