具有多个域的通配符SSL
我有一个CentOS/Apache+OpenSSL服务器。我托管了两个域名和通配符子域(应用程序逻辑显示正确的站点),例如 https://*.testing1.com https://*.testing2.com 它在HTTP上工作得非常好:-具有多个域的通配符SSL,ssl,openssl,apache,mod-ssl,Ssl,Openssl,Apache,Mod Ssl,我有一个CentOS/Apache+OpenSSL服务器。我托管了两个域名和通配符子域(应用程序逻辑显示正确的站点),例如 https://*.testing1.com https://*.testing2.com 它在HTTP上工作得非常好:- <VirtualHost *:80> # Admin email, Server Name (domain name) and any aliases ServerAdmin webmaster@testing1.com
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin webmaster@testing1.com
ServerName testing1.com
ServerName testing2.com
ServerAlias *.testing1.com *.testing2.com
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
#管理员电子邮件、服务器名(域名)和任何别名
服务器管理员webmaster@testing1.com
ServerName testing1.com
ServerName testing2.com
ServerAlias*.testing1.com*.testing2.com
#索引文件和文档根目录(公共文件所在的位置)
DirectoryIndex.html index.php
DocumentRoot/home/app/public\u html/public
我已经为testing1.com和testing2.com购买了两个通配符SSL认证,但我不确定如何在此结构中设置它:-
<VirtualHost *.testing1.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing1.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing1.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john@testing1.com
ServerName testing1.com
ServerAlias *.testing1.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
<VirtualHost *.testing2.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing2.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing2.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john@testing2.com
ServerName testing2.com
ServerAlias *.testing2.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
斯伦金安
SSLCertificateFile/etc/httpd/ssl/*.testing1.com.crt
SSLCertificateKeyFile/etc/httpd/ssl/*.testing1.com.key
SSLCACertificateFile/etc/httpd/ssl/geotrust.cer
服务器管理员john@testing1.com
ServerName testing1.com
ServerAlias*.testing1.com
DirectoryIndex.html index.php
DocumentRoot/home/app/public\u html/public
斯伦金安
SSLCertificateFile/etc/httpd/ssl/*.testing2.com.crt
SSLCertificateKeyFile/etc/httpd/ssl/*.testing2.com.key
SSLCACertificateFile/etc/httpd/ssl/geotrust.cer
服务器管理员john@testing2.com
ServerName testing2.com
ServerAlias*.testing2.com
DirectoryIndex.html index.php
DocumentRoot/home/app/public\u html/public
上面针对SSL的描述不适用于*.testing1.com定义,也不适用于testing1.com
对于testing2.com,我还需要重复这一点。基于名称的虚拟主机和SSL只有在所有虚拟主机都在同一个域中并且您拥有该域的通配符SSL证书时才起作用 但是您有两个不同的域 在这种情况下,只有为每个启用SSL的virtualhost提供自己的IPaddress,它才会起作用。 因此,您应该使用基于IP的虚拟主机,而不是基于名称的 说明:
请求的服务器名包含在HTTP请求头中,但在此之前必须已设置SSL加密。因此,只有在设置加密后,服务器名才可用。因此,Apache永远无法知道te提供的是哪个SSL证书,只能使用该特定IP地址上的第一个可用证书。使用单个专用IP,我们可以在centos+apache2.2服务器中配置基于域的通配符SSL 希望下面的配置能帮助你们
NameVirtualHost IP:80
NameVirtualHost IP:443
域1
<VirtualHost IP:80>
ServerName abc.domain1.com
DocumentRoot /var/www/html/domain1
</VirtualHost>
<VirtualHost IP:443>
ServerName *.domain1.com
DocumentRoot /var/www/html/domain1
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain1/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain1/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain1/cert/g2-g1.crt
</VirtualHost>
服务器名abc.domain1.com
DocumentRoot/var/www/html/domain1
ServerName*.domain1.com
DocumentRoot/var/www/html/domain1
斯伦金安
SSLCipherSuite全部:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile/var/www/html/domain1/cert/5465456.crt
SSLCertificateKeyFile/var/www/html/domain1/cert/domain1.com.key
SSLCertificateChainFile/var/www/html/domain1/cert/g2-g1.crt
域2
<VirtualHost IP:80>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
</VirtualHost>
<VirtualHost IP:443>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain2/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain2/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain2/cert/g2-g1.crt
</VirtualHost>
服务器名abc.domain2.com
DocumentRoot/var/www/html/domain2
服务器名abc.domain2.com
DocumentRoot/var/www/html/domain2
斯伦金安
SSLCipherSuite全部:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile/var/www/html/domain2/cert/5465456.crt
SSLCertificateKeyFile/var/www/html/domain2/cert/domain1.com.key
SSLCertificateChainFile/var/www/html/domain2/cert/g2-g1.crt
我在这里有点不知所措,但是/etc/httpd/ssl/*.testing1.com.crt不是一个文件路径吗?它能有一个asterix吗?为Noobness道歉谢谢,如果我想将两个不同的https域指向同一个DocumentRoot
?