Fatal编程技术网
  • apache/
  • Apache SSL证书无法正常工作,没有错误

Apache SSL证书无法正常工作,没有错误

apache ssl

Apache SSL证书无法正常工作,没有错误,apache,ssl,Apache,Ssl,我想把今天生成的ssl证书放在一个网站上,但它不起作用。安全页面未加载,但不安全页面有效。这是我的配置文件: <VirtualHost *:80> ServerName example.com ServerAdmin example@gmail.com ServerAlias www.example.com DocumentRoot /var/www/example <Directory /var/

我想把今天生成的ssl证书放在一个网站上,但它不起作用。安全页面未加载,但不安全页面有效。这是我的配置文件:

<VirtualHost *:80>
        ServerName example.com
        ServerAdmin example@gmail.com
        ServerAlias www.example.com
        DocumentRoot /var/www/example
        <Directory /var/www/example>
                Options -Indexes +FollowSymLinks +MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        ErrorLog /var/log/example-error.log
        CustomLog /var/log/example-access.log combined
</VirtualHost>


<VirtualHost *:443>


        ServerName example.com
        ServerAdmin example@gmail.com
        ServerAlias www.example.com
        DocumentRoot /var/www/example
        <Directory /var/www/example>
                Options -Indexes +FollowSymLinks +MultiViews
                AllowOverride All
                Require all granted
        </Directory>
        SSLEngine on
        SSLCertificateFile /root/certs/example.crt
        SSLCertificateKeyFile /root/XXX.key
        SSLCertificateChainFile /root/certs/example.crt


ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel debug

</VirtualHost>
该端口在防火墙中打开

有什么想法吗?

除了Ryan写的绝对正确的内容之外,你应该修复(或删除)

如果您想修复它,您不应该在这里使用证书,而应该使用链,这意味着用于签署您的csr的证书。链可能包含根,也可能不包含根:我个人从不包含根

另一方面,我建议您将证书移到根主目录之外:例如,您可以在apache根目录(/etc/{apache2,httpd}/certs)中创建一个子文件夹。

除了Ryan编写的绝对正确的内容之外,您应该修复(或删除)

如果您想修复它,您不应该在这里使用证书,而应该使用链,这意味着用于签署您的csr的证书。链可能包含根,也可能不包含根:我个人从不包含根

另一方面,我建议您将证书移到根主目录之外:例如,您可以在apache根目录(/etc/{apache2,httpd}/certs)中创建一个子文件夹。

您是否已使用a2ensite启用该站点?是否安装了mod_ssl?你的配置中有Listen 443吗。对听着,443被遗忘了。thx a lot您是否启用了具有a2ensite的站点?是否安装了mod_ssl?你的配置中有Listen 443吗。对听着,443被遗忘了。thx很多 
[Fri Apr 02 22:33:55.266922 2021] [ssl:info] [pid 12429] AH02200: Loading certificate & private key of SSL-aware server 'example.com:443'
[Fri Apr 02 22:33:55.267378 2021] [ssl:debug] [pid 12429] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Fri Apr 02 22:33:55.267430 2021] [ssl:info] [pid 12429] AH01914: Configuring server example.com:443 for SSL protocol
[Fri Apr 02 22:33:55.267738 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate)
[Fri Apr 02 22:33:55.267751 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling
[Fri Apr 02 22:33:55.267762 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate
[Fri Apr 02 22:33:55.267939 2021] [ssl:debug] [pid 12429] ssl_util_ssl.c(508): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: CN=example.com / issuer: CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US / serial: example / notbefore: Apr  2 00:00:00 2021 GMT / notafter: May  3 23:59:59 2022 GMT]
[Fri Apr 02 22:33:55.267957 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(988): AH02236: Configuring RSA server private key
[Fri Apr 02 22:33:55.310426 2021] [ssl:info] [pid 12429] AH02200: Loading certificate & private key of SSL-aware server 'example.com:443'
[Fri Apr 02 22:33:55.310726 2021] [ssl:debug] [pid 12429] ssl_engine_pphrase.c(506): AH02249: unencrypted RSA private key - pass phrase not required
[Fri Apr 02 22:33:55.310770 2021] [ssl:info] [pid 12429] AH01914: Configuring server example.com:443 for SSL protocol
[Fri Apr 02 22:33:55.310983 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(886): AH01904: Configuring server certificate chain (1 CA certificate)
[Fri Apr 02 22:33:55.310994 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(406): AH01893: Configuring TLS extension handling
[Fri Apr 02 22:33:55.311002 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(933): AH02232: Configuring RSA server certificate
[Fri Apr 02 22:33:55.311108 2021] [ssl:debug] [pid 12429] ssl_util_ssl.c(508): AH02412: [example.com:443] Cert matches for name 'example.com' [subject: CN=example.com / issuer: CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1,O=DigiCert Inc,C=US / serial: XXX / notbefore: Apr  2 00:00:00 2021 GMT / notafter: May  3 23:59:59 2022 GMT]
[Fri Apr 02 22:33:55.311117 2021] [ssl:debug] [pid 12429] ssl_engine_init.c(988): AH02236: Configuring RSA server private key

[root@vps httpd]# curl https: //xxx.com
curl: (7) Failed connect to xxx.com:443; Connection refused

SSLCertificateChainFile /root/certs/example.crt