Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ssl/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
具有多个域的通配符SSL_Ssl_Openssl_Apache_Mod Ssl - Fatal编程技术网
Fatal编程技术网
  • ssl/
  • 具有多个域的通配符SSL

具有多个域的通配符SSL

ssl openssl apache

具有多个域的通配符SSL,ssl,openssl,apache,mod-ssl,Ssl,Openssl,Apache,Mod Ssl,我有一个CentOS/Apache+OpenSSL服务器。我托管了两个域名和通配符子域(应用程序逻辑显示正确的站点),例如 https://*.testing1.com https://*.testing2.com 它在HTTP上工作得非常好:- <VirtualHost *:80> # Admin email, Server Name (domain name) and any aliases ServerAdmin webmaster@testing1.com

我有一个CentOS/Apache+OpenSSL服务器。我托管了两个域名和通配符子域(应用程序逻辑显示正确的站点),例如

https://*.testing1.com

https://*.testing2.com

它在HTTP上工作得非常好:-

   <VirtualHost *:80>
  # Admin email, Server Name (domain name) and any aliases
  ServerAdmin webmaster@testing1.com
  ServerName  testing1.com
  ServerName  testing2.com

  ServerAlias *.testing1.com *.testing2.com

  # Index file and Document Root (where the public files are located)
  DirectoryIndex index.html index.php
  DocumentRoot /home/app/public_html/public

</VirtualHost>


#管理员电子邮件、服务器名(域名)和任何别名
服务器管理员webmaster@testing1.com
ServerName testing1.com
ServerName testing2.com
ServerAlias*.testing1.com*.testing2.com
#索引文件和文档根目录(公共文件所在的位置)
DirectoryIndex.html index.php
DocumentRoot/home/app/public\u html/public
我已经为testing1.com和testing2.com购买了两个通配符SSL认证,但我不确定如何在此结构中设置它:-

    <VirtualHost *.testing1.com:443>
     SSLEngine On
     SSLCertificateFile /etc/httpd/ssl/*.testing1.com.crt
     SSLCertificateKeyFile /etc/httpd/ssl/*.testing1.com.key
     SSLCACertificateFile /etc/httpd/ssl/geotrust.cer

     ServerAdmin john@testing1.com
     ServerName testing1.com
     ServerAlias *.testing1.com

        DirectoryIndex index.html index.php
        DocumentRoot /home/app/public_html/public

  </VirtualHost>

   <VirtualHost *.testing2.com:443>
     SSLEngine On
     SSLCertificateFile /etc/httpd/ssl/*.testing2.com.crt
     SSLCertificateKeyFile /etc/httpd/ssl/*.testing2.com.key
     SSLCACertificateFile /etc/httpd/ssl/geotrust.cer

     ServerAdmin john@testing2.com
     ServerName testing2.com
     ServerAlias *.testing2.com

        DirectoryIndex index.html index.php
        DocumentRoot /home/app/public_html/public

  </VirtualHost>


斯伦金安
SSLCertificateFile/etc/httpd/ssl/*.testing1.com.crt
SSLCertificateKeyFile/etc/httpd/ssl/*.testing1.com.key
SSLCACertificateFile/etc/httpd/ssl/geotrust.cer
服务器管理员john@testing1.com
ServerName testing1.com
ServerAlias*.testing1.com
DirectoryIndex.html index.php
DocumentRoot/home/app/public\u html/public
斯伦金安
SSLCertificateFile/etc/httpd/ssl/*.testing2.com.crt
SSLCertificateKeyFile/etc/httpd/ssl/*.testing2.com.key
SSLCACertificateFile/etc/httpd/ssl/geotrust.cer
服务器管理员john@testing2.com
ServerName testing2.com
ServerAlias*.testing2.com
DirectoryIndex.html index.php
DocumentRoot/home/app/public\u html/public
上面针对SSL的描述不适用于*.testing1.com定义,也不适用于testing1.com

对于testing2.com,我还需要重复这一点。基于名称的虚拟主机和SSL只有在所有虚拟主机都在同一个域中并且您拥有该域的通配符SSL证书时才起作用

但是您有两个不同的域

在这种情况下,只有为每个启用SSL的virtualhost提供自己的IPaddress,它才会起作用。 因此,您应该使用基于IP的虚拟主机,而不是基于名称的

说明:
请求的服务器名包含在HTTP请求头中,但在此之前必须已设置SSL加密。因此,只有在设置加密后,服务器名才可用。因此,Apache永远无法知道te提供的是哪个SSL证书,只能使用该特定IP地址上的第一个可用证书。

使用单个专用IP,我们可以在centos+apache2.2服务器中配置基于域的通配符SSL

希望下面的配置能帮助你们

NameVirtualHost IP:80
NameVirtualHost IP:443
域1

<VirtualHost IP:80>
        ServerName      abc.domain1.com
        DocumentRoot    /var/www/html/domain1
</VirtualHost>
<VirtualHost IP:443>
        ServerName      *.domain1.com
        DocumentRoot    /var/www/html/domain1
        SSLEngine       On
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile      /var/www/html/domain1/cert/5465456.crt
        SSLCertificateKeyFile   /var/www/html/domain1/cert/domain1.com.key
        SSLCertificateChainFile /var/www/html/domain1/cert/g2-g1.crt
</VirtualHost>


服务器名abc.domain1.com
DocumentRoot/var/www/html/domain1
ServerName*.domain1.com
DocumentRoot/var/www/html/domain1
斯伦金安
SSLCipherSuite全部:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile/var/www/html/domain1/cert/5465456.crt
SSLCertificateKeyFile/var/www/html/domain1/cert/domain1.com.key
SSLCertificateChainFile/var/www/html/domain1/cert/g2-g1.crt
域2

<VirtualHost IP:80>
        ServerName      abc.domain2.com
        DocumentRoot    /var/www/html/domain2
</VirtualHost>
<VirtualHost IP:443>
        ServerName      abc.domain2.com
        DocumentRoot    /var/www/html/domain2
        SSLEngine       On
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile      /var/www/html/domain2/cert/5465456.crt
        SSLCertificateKeyFile   /var/www/html/domain2/cert/domain1.com.key
        SSLCertificateChainFile /var/www/html/domain2/cert/g2-g1.crt
</VirtualHost>


服务器名abc.domain2.com
DocumentRoot/var/www/html/domain2
服务器名abc.domain2.com
DocumentRoot/var/www/html/domain2
斯伦金安
SSLCipherSuite全部:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile/var/www/html/domain2/cert/5465456.crt
SSLCertificateKeyFile/var/www/html/domain2/cert/domain1.com.key
SSLCertificateChainFile/var/www/html/domain2/cert/g2-g1.crt
我在这里有点不知所措,但是/etc/httpd/ssl/*.testing1.com.crt不是一个文件路径吗?它能有一个asterix吗?为Noobness道歉谢谢,如果我想将两个不同的https域指向同一个
DocumentRoot