Anu*_*nup 12 ssl apache2 ssl-certificate
我有一个ssl证书,我正在运行ubuntu
domain.crt和domain.ca-bundle文件以及指定的文件夹,但无论我一直收到这些错误
[Sat Jul 27 06:35:00 2013] [error] Unable to configure verify locations for client authentication
[Sat Jul 27 06:35:00 2013] [error] SSL Library Error: 218570875 error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
[Sat Jul 27 06:36:55 2013] [error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] (/etc/apache2/sites-enabled/default-ssl:2)
我的port.conf是
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>
我的default-ssl如下
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
-----------
---------------
-------------------- more configs
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
# SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateFile /etc/ssl/private/domain.crt
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateChainFile /etc/ssl/private/domain.ca-bundle
jua*_*tas 21
我在/etc/apache2/apache2.conf中添加了这些
SSLCertificateFile your.crt
SSLCertificateKeyFile your.key
SSLCertificateChainFile your_bundle.crt
当我在apache中启用ssh来读取文件/usr/share/doc/apache2.2-common/README.Debian.gz时,有一些消息,它说:
6) Message "Server should be SSL-aware but has no certificate configured" in
error log
Since 2.2.12, Apache is stricter about certain misconfigurations concerning
name based SSL virtual hosts. See NEWS.Debian.gz for more details.
而新闻说:
* The new support for TLS Server Name Indication added in 2.2.12 causes
Apache to be stricter about certain misconfigurations involving name
based SSL virtual hosts. This may result in Apache refusing to start
with the logged error message:
Server should be SSL-aware but has no certificate configured
[Hint: SSLCertificateFile]
Up to 2.2.11, Apache accepted configurations where the necessary SSL
configuration statements were included in the first (default)
<Virtualhost *:443> block but not in subsequent <Virtualhost *:443>
blocks. Starting with 2.2.12, every VirtualHost block used with SSL must
contain the SSLEngine, SSLCertificateFile, and SSLCertificateKeyFile
directives (SSLCertificateKeyFile is optional in some cases).
When you encounter the above problem, the output of the command
egrep -ir '^[^#]*(sslcertificate|sslengine|virtualhost)' \
/etc/apache2/*conf* /etc/apache2/*enabled
may be useful to determine which VirtualHost sections need to be changed.
还有更多.