1. 首頁
  2. 問答
  3. 的Apache 2.4是搞亂了SSL證書

的Apache 2.4是搞亂了SSL證書

2017-07-06 128 views
1

我有兩個SSL證書 爲域* .example.com的和* .dev.example.com下面虛擬主機配置:的Apache 2.4是搞亂了SSL證書

<VirtualHost *:443> 
    ServerName site.example.com 

    SSLEngine on 
    SSLProxyEngine on 
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    SSLCertificateFile /etc/apache2/ssl/certs/example.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/private/example.key 

    ProxyPreserveHost on 
    ProxyPass/http://192.168.1.101:8073/ 
    ProxyPassReverse/http://192.168.1.101:8073/ 
</VirtualHost> 

<VirtualHost *:443> 
    ServerName site.dev.example.com 

    SSLEngine on 
    SSLProxyEngine on 
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    SSLCertificateFile /etc/apache2/ssl/certs/dev_example.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/private/dev_example.key 

    ProxyPreserveHost on 
    ProxyPass/http://192.168.1.102:8073/ 
    ProxyPassReverse/http://192.168.1.102:8073/ 
</VirtualHost> 

<VirtualHost *:443> 
    ServerAlias *.dev.example.com 

    SSLEngine on 
    SSLProxyEngine on 
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    SSLCertificateFile /etc/apache2/ssl/certs/dev_example.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/private/dev_example.key 

    <Proxy balancer://devcluster> 
     BalancerMember http://192.168.1.201:8182 
     BalancerMember http://192.168.1.202:8182 
    </Proxy>  
    ProxyPass/balancer://devcluster/ 
    ProxyPassReverse/balancer://devcluster/ 
</VirtualHost> 

<VirtualHost *:443> 
    ServerAlias *.example.com 

    SSLEngine on 
    SSLProxyEngine on 
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 
    SSLCertificateFile /etc/apache2/ssl/certs/example.crt 
    SSLCertificateKeyFile /etc/apache2/ssl/private/example.key 

    <Proxy balancer://mycluster> 
     BalancerMember http://192.168.1.203:8182 
     BalancerMember http://192.168.1.204:8182 
    </Proxy>  
    ProxyPass/balancer://mycluster/ 
    ProxyPassReverse/balancer://mycluster/ 
</VirtualHost>

當訪問的網站我得到如下:

  1. site.example.com具有有效證書* .example.com的從example.crt

  2. site.dev.example.com具有dev_example.crt

  3. anything.dev.example.com有* .dev.example有效證明,* .dev.example.com有效證書。 COM從dev_example.crt

  4. anything.example.com將失效證書*從dev_example.crt在spceified * .dev.example.com虛擬主機.dev.example.com

貌似虛擬主機「ServerAlias * .example.com的」正在復甦中的虛擬主機指定的證書「ServerAlias * .dev.example.com」

它是Apache的故障或有毛病我的配置?

來源

2017-07-06 V. Smt

回答

2

您需要爲每個SSL虛擬主機選擇唯一的ServerName,即使您希望ServerAlias代表您需要的內容。 mod_ssl使用servername作爲SNI的關鍵字。

來源

2017-07-09 19:32:25 covener

+0

好的,我會試試,謝謝。 –

+0

你仍然可以使用serveralias,你只是不能Omi ServerName或有dup的 – covener

+0

是的,它的工作,非常感謝。 –

相關問題

 相關問題