Apache SSL still shows as not secure
I am trying to set up my SSL certificate, but the website still says https is not secure. I edited 000-default.conf as follows:
<VirtualHost *:80>
ServerName millingtonmayers.co.uk
Redirect permanent / https://millingtonmayers.co.uk/
</VirtualHost>
<VirtualHost *:443>
ServerName millingtonmayers.co.uk
SSLEngine on
SSLCertificateFile /home/bensleym/millingtonmayers.co.uk.crt
SSLCertificateKeyFile /home/bensleym/millingtonmayers.co.uk.key
SSLCertificateChainFile /home/bensleym/intermediate.crt
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
The redirect doesn't seem to work either. Any ideas?

Has the certificate (millingtonmayers.co.uk.crt) been signed by a CA? When I check it, it says:
Start Time: 1499176042
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
If it is self-signed, it is not trusted.
You can check this on the console with "openssl s_client -connect millingtonmayers.co.uk:443", as follows:
cat millingtonmayers.co.uk.crt DigiCertCA.crt TrustedRoot.crt>millingtonmayers.co.uk.concatated.crt
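4. Configure millingtonmayers.co.uk.concatatad.crt and millingtonmayers.co.uk.key to lb
Assuming ServerName is the actual domain name it is serving

The certificate looks like one you generated yourself (self-signed). Is that right?

Yes, I had to do that, but I don't know how to set it up?

For a public website you cannot use a certificate you generated yourself; that is only useful on your own computers or on a network you control (such as an intranet). The certificate must come from a trusted authority to work for anyone, which means you need to spend a few dollars to buy one.

I bought an SSL certificate from GoDaddy. In that case, how do I sign it?

1. Generate key and csr "openssl req -new -newkey rsa:1024 -nodes -keyout millingtonmayers.co.uk..key -out millingtonmayers.co.uk..csr"

I used this to generate the key: openssl req -newkey rsa:2048 -nodes -keyout millingtonmayers.co.uk.key -out millingtonmayers.co.uk.csr

For a public website, this won't work for your users at all.

Thanks for taking the time. I used GoDaddy, and after validation they sent me two files.

In point 4, what does "to lb" mean?

LB - load balancer, but if you don't have one, ignore it.

To check the crt you can use KeyStore Explorer, a very good tool.

Thanks. I tried redoing the key with GoDaddy, but it came up as self-signed again.

If I do step 3, what would my config look like?

SSLCertificateFile /home/bensleym/millingtonmayers.co.uk.concatated.crt
SSLCertificateKeyFile /home/bensleym/millingtonmayers.co.uk.key
#SSLCertificateChainFile /home/bensleym/intermediate.crt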
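
The checks discussed in this thread, as an added example that is not from the original posts: it tests whether a certificate is self-signed, whether it belongs to the private key, and whether it verifies against a CA bundle. The throwaway "Demo CA", the name site.example and all file names are constructed for the demo, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: checks to run before pointing SSLCertificateFile and
# SSLCertificateKeyFile at a certificate/key pair. Demo data is constructed.

# Prints one verdict. $1 = certificate, $2 = private key,
# $3 = CA bundle (for a real site: intermediate(s) plus root, concatenated).
check_cert() {
    # Subject and issuer names match: no CA issued this certificate.
    if [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
         "$(openssl x509 -in "$1" -noout -issuer_hash)" ]; then
        echo "self-signed"; return 1
    fi
    # The certificate's public key must be the one belonging to the key file.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "key mismatch"; return 1
    fi
    # The certificate must chain to a CA in the bundle.
    if ! openssl verify -CAfile "$3" "$1" >/dev/null 2>&1; then
        echo "chain does not verify"; return 1
    fi
    echo "ok"
}

# Builds a throwaway CA, a site key + CSR, and two certificates in dir $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=site.example" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null || return 1
    # self.crt: the CSR signed with the site's own key (not CA-issued).
    openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" -days 1 \
        -out "$1/self.crt" 2>/dev/null || return 1
    # site.crt: the same CSR signed by the CA, as a CA would return it.
    openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null
}

d=$(mktemp -d) && make_demo_pki "$d" || exit 1
echo "self.crt: $(check_cert "$d/self.crt" "$d/site.key" "$d/ca.crt")"
echo "site.crt: $(check_cert "$d/site.crt" "$d/site.key" "$d/ca.crt")"
rm -rf "$d"
```

Run against the real files, the first argument is the certificate the CA sent back and the third is the CA's intermediate and root certificates concatenated into one file.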