dav*_*ids 1 mod-ssl ssl-certificate amazon-linux apache-2.4
我正在安装 SSL 证书来为 HTTPS 提供服务。我使用Apache 2.4的Amazon Linux,并获得在证书startssl如果。我的 Vhost 配置如下:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@myweb.com
ServerName myweb.com
DocumentRoot /var/www/html/myapp
<Directory /var/www/htmlmyapp>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog /var/log/httpd/error_log
LogLevel warn
CustomLog /var/log/httpd/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/mycert.crt
SSLCertificateKeyFile /etc/ssl/private/mycert.key
SSLCertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
当我重新启动 Apache 时,我得到以下输出:
Stopping httpd: [ OK ]
Starting httpd: Apache/2.4.12 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Private key myweb.com:443:0 (/etc/ssl/private/mycert.key)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
Apache:mod_ssl:Error: Private key not found.
**Stopped
[FAILED]
所以,它要求我输入密钥的密码,密码是可以的,然后它说找不到它。我错过了什么?
在您的配置中,您有以下三行:
SSLCertificateFile /etc/ssl/certs/mycert.crt
SSLCertificateKeyFile /etc/ssl/private/mycert.key
SSLCertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
你在重复SSLCertificateFile。这意味着 Apache 将使用该变量的第二个实例,即/etc/ssl/certs/sub.class1.server.ca.pem- 但您的密钥是 for 的/etc/ssl/certs/mycert.crt,因此它与 CA 证书不匹配。因此,Apache 无法找到证书的密钥。
可能你的配置应该是这样的:
# Server certificate
SSLCertificateFile /etc/ssl/certs/mycert.crt
# Key to server certificate
SSLCertificateKeyFile /etc/ssl/private/mycert.key
# Glue certificate to CA
SSLCACertificateFile /etc/ssl/certs/sub.class1.server.ca.pem
请注意,第二个证书以 开头,SSLCA而不仅仅是SSL.
| 归档时间: |
|
| 查看次数: |
11670 次 |
| 最近记录: |