I am trying to set up Apache 2.2 with SSL, but I cannot connect to it remotely.
My VirtualHost looks like this:

    NameVirtualHost *:443
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/ssl/localcerts/host1/apache.pem
        ServerName mail.host1.net
        DocumentRoot /usr/share/squirrelmail
        <Directory />
            Options -Indexes
            AllowOverride All
        </Directory>
        ErrorLog /var/log/apache2/mail.host1.log
        LogLevel warn
        CustomLog /var/log/apache2/mail.host1-access.log combined
        ServerSignature Off
    </VirtualHost>
I created the SSL files using this tutorial: http://wiki.debian.org/Self-Signed_Certificate

When I connect locally:
    server ~ openssl s_client -connect localhost:443
    CONNECTED(00000003)
    depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 /C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    verify return:1
    ---
    Certificate chain
     0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
       i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    [...]
    -----END CERTIFICATE-----
    subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1265 bytes and written 319 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 1024 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: [...]
        Session-ID-ctx:
        Master-Key: [...]
        Key-Arg   : None
        Start Time: 1357993878
        Timeout   : 300 (sec)
        Verify return code: 18 (self signed certificate)
    ---
    closed
But when I run it remotely:
    [13:27:05:gentoo@~/]openssl s_client -connect mail.host1.net:443
    CONNECTED(00000003)
    139720085706408:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 322 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    ---
Nmap tells me that port 443 is open.

When I connect to my site via http://mail.host1.net:443 it works, but SSL does not.

I hope someone can help.

The log only says:
    [Sat Jan 12 19:25:50 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Sat Jan 12 19:25:50 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
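You also need an SSLCertificateKeyFile pointing to the private key. However, that does not explain why you get a working SSL connection to localhost; it sounds like you may have some old configuration still in place.

After making the SSL configuration changes, did you fully restart Apache? Can you provide the output of apachectl -S?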
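
A check for the private-key point raised above, as an added example that is not part of the original posts: in Apache 2.2 an SSL vhost needs SSLCertificateKeyFile unless the private key is stored in the same PEM file that SSLCertificateFile names. The function names, the injectable `read_file` helper and the sample text are assumptions made for this sketch.

```python
import re

# Constructed sample: the SSL-relevant lines of the vhost from the question.
SAMPLE_VHOST = """\
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/ssl/localcerts/host1/apache.pem
    ServerName mail.host1.net
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
PEM_LABEL_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----")


def directives(body):
    """Map lower-cased directive name -> argument string for one vhost body."""
    found = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            found[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return found


def read_text(path):
    with open(path) as fh:
        return fh.read()


def check_vhosts(conf_text, read_file=read_text):
    """Return (address, problem) pairs for SSL vhosts with no usable private key."""
    problems = []
    for addr, body in VHOST_RE.findall(conf_text):
        d = directives(body)
        if d.get("sslengine", "off").lower() != "on":
            continue
        cert = d.get("sslcertificatefile")
        if not cert:
            problems.append((addr.strip(), "SSLEngine on but no SSLCertificateFile"))
        elif "sslcertificatekeyfile" not in d:
            # Without a key directive, the key must sit in the certificate file.
            labels = PEM_LABEL_RE.findall(read_file(cert))
            if not any(label.endswith("PRIVATE KEY") for label in labels):
                problems.append((addr.strip(), "no private key for " + cert))
    return problems


if __name__ == "__main__":
    import sys
    for addr, problem in check_vhosts(read_text(sys.argv[1])):
        print(addr, problem)
```

Run it against the site's configuration file as root so the PEM file is readable; an empty result means every SSL-enabled vhost names a key or uses a combined key-and-certificate file.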