Apache: How to resolve "localhost sent an invalid response": ERR_SSL_PROTOCOL_ERROR
I am trying to get apache2 on Ubuntu 20 to use a certificate (self-created). When I try to open the endpoint () with Chrome, that is what I get.
Spent all night on this and could use some help understanding what I am doing wrong and how to debug it properly.
// Apache config
httpd.conf is located in /etc/apache2/
LoadModule mpm_prefork_module libexec/apache2/mod_mpm_prefork.so
LoadModule log_config_module libexec/apache2/mod_log_config.so
LoadModule mime_module libexec/apache2/mod_mime.so
LoadModule dir_module libexec/apache2/mod_dir.so
LoadModule authz_core_module libexec/apache2/mod_authz_core.so
LoadModule unixd_module libexec/apache2/mod_unixd.so
LoadModule rewrite_module libexec/apache2/mod_rewrite.so
LoadModule php7_module libexec/apache2/libphp7.so
LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so
LoadModule ssl_module libexec/apache2/mod_ssl.so
User _www
Group _www
DirectoryIndex index.html
ErrorLog "/var/log/apache2/error_log"
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog "/var/log/apache2/access_log" common
TypesConfig /etc/apache2/mime.types
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
DirectoryIndex index.html index.php
<Directory /home/prtz/workspace/frontend/build>
Options Indexes FollowSymLinks
Require all granted
AllowOverride All
</Directory>
ServerName local.pretzel.com
Listen 443
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<VirtualHost *:443>
DocumentRoot "/home/prtz/workspace/frontend/build"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/etc/apache2/local.pretzel.com.crt"
SSLCertificateKeyFile "/etc/apache2/local.pretzel.com.nopass.key"
ServerName local.pretzel.com
</VirtualHost>
cat /etc/hosts:
cat /etc/hosts
127.0.0.1 local.pretzel.com
127.0.0.1 localhost
127.0.1.1 ubuntu
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
The certificate was created using openssl
openssl req -newkey rsa:2048 -x509 -nodes \
-keyout local.pretzel.com.key \
-new \
-out local.pretzel.com.crt \
-subj /CN=local.pretzel.com \
-reqexts SAN \
-extensions SAN \
-config <(cat /usr/lib/ssl/openssl.cnf \
<(printf '[SAN]\nsubjectAltName=DNS:local.pretzel.com')) \
-sha256 \
-days 3650
sudo openssl rsa -in local.pretzel.com.key -out local.pretzel.com.nopass.key
sudo mv *.key *.crt /etc/apache2
// Check the certificate
openssl verify local.pretzel.com.crt
local.pretzel.com.crt: OK
// Check the openssl connection
openssl s_client -connect local.pretzel.com:443 -CApath /etc/ssl/certs
CONNECTED(00000003)
140129913148736:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 311 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
// Check the firewall
sudo ufw status
[sudo] password for prtz:
Status: active
To Action From
-- ------ ----
Apache ALLOW Anywhere
443 ALLOW Anywhere
80 ALLOW Anywhere
443/tcp ALLOW Anywhere
Apache (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
// Using curl with https
curl https://local.pretzel.com
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
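Without https it returns "Apache2 Ubuntu Default Page: It works".
For the certificate, it was done with
For the Apache config, I moved the parts from httpd.conf into the sites-available/ folder, with a conf file named the same as the domain I am using.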
sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping duplicate certificate in server.pem
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
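The `wrong version number` error together with `read 5 bytes` in the s_client output above is what a TLS client reports when the 5-byte record header it receives is not TLS at all, typically because the listener on 443 answered in plaintext HTTP. The following is an added example, not part of the original post: it sends a real ClientHello and classifies the first bytes of the reply. The function names are hypothetical and the sample byte strings are constructed.

```python
import socket
import ssl

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def client_hello(server_name: str) -> bytes:
    """Build a real ClientHello in memory (no network) using ssl.MemoryBIO."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued, no server reply exists yet
    return outgoing.read()

def classify_first_bytes(data: bytes) -> str:
    """Interpret the start of a reply the way a TLS client reads a record header."""
    if len(data) < 5:
        return "too-short"
    ctype, major, minor = data[0], data[1], data[2]
    if ctype in TLS_TYPES and major == 3 and minor <= 4:
        return "tls-" + TLS_TYPES[ctype]
    if data.startswith(b"HTTP/"):
        # 'H','T','T' is parsed as type 0x48, version 0x54.0x54: "wrong version number"
        return "plaintext-http"
    return "unknown"

def probe(host: str, port: int, server_name: str = "", timeout: float = 3.0) -> str:
    """Send a ClientHello to host:port and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(server_name or host))
        data = b""
        while len(data) < 5:
            chunk = sock.recv(5 - len(data))
            if not chunk:
                break
            data += chunk
    return classify_first_bytes(data)

if __name__ == "__main__":
    # Constructed samples: a plaintext HTTP error reply and a TLS handshake record header.
    print(classify_first_bytes(b"HTTP/1.1 400 Bad Request\r\n"))
    print(classify_first_bytes(bytes.fromhex("160303004a")))
    # Against the host from the question: print(probe("local.pretzel.com", 443))
```

A `plaintext-http` result on port 443 means no SSL-enabled virtual host is serving that port, so the thing to inspect is which configuration Apache actually loaded (`apache2ctl -S` lists the active virtual hosts), not the certificate.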