Installed SSL on Apache.
The certificate is self-signed and was generated with:
openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout private.key -out public.crt
http://domain.com - HTTP 200
https://domain.com - HTTP 404
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    ServerName domain.com
    DocumentRoot /var/www/domain.com/public/api
</VirtualHost>

<VirtualHost *:443>
    ServerName domain.com
    DocumentRoot /var/www/domain.com/public/api
    SSLEngine on
    SSLCertificateFile /var/ini/ssl/domain.com/public.crt
    SSLCertificateKeyFile /var/ini/ssl/domain.com/private.key
</VirtualHost>
# apache2ctl -M
[Tue Oct 08 11:09:38 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
[Tue Oct 08 11:09:38 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
Loaded Modules:
...
ssl_module (shared)
Syntax OK
[Tue Oct 08 12:36:34 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 08 12:36:34 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 08 13:14:13 2013] [info] Loading certificate & private key of SSL-aware server
[Tue Oct 08 13:14:13 2013] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Tue Oct 08 13:14:14 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 08 13:14:14 2013] [info] Configuring server for SSL protocol
[Tue Oct 08 13:14:14 2013] [debug] ssl_engine_init.c(469): Creating new SSL context (protocols: SSLv3, TLSv1, TLSv1.1, TLSv1.2)
[Tue Oct 08 13:14:14 2013] [debug] ssl_engine_init.c(420): Configuring TLS extension handling
[Tue Oct 08 13:14:14 2013] [debug] ssl_engine_init.c(836): Configuring RSA server certificate
[Tue Oct 08 13:14:14 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Oct 08 13:14:14 2013] [debug] ssl_engine_init.c(875): Configuring RSA server private key
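Because the network connection is already encrypted before the Host header is passed, name-based virtual hosts cannot be used together with SSL.
So you should remove NameVirtualHost *:443 from your configuration.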
Adding the following to each virtual host works:
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
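
One way to check that every SSL-enabled virtual host carries the two directives named in the answer above. This is an added example, not code from the original posts; the sample configuration is constructed from the question's vhosts, and `other.example` is a hypothetical second host.

```python
import re

# Constructed sample: the question's vhosts, with the two directives added to
# one SSL vhost only; other.example is a hypothetical second host.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName domain.com
</VirtualHost>
<VirtualHost *:443>
    ServerName domain.com
    SSLEngine on
    SSLCertificateFile /var/ini/ssl/domain.com/public.crt
    SSLCertificateKeyFile /var/ini/ssl/domain.com/private.key
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
</VirtualHost>
<VirtualHost *:443>
    ServerName other.example
    SSLEngine on
</VirtualHost>
"""

REQUIRED = ("SSLProtocol", "SSLCipherSuite")
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return (address, directives) for each <VirtualHost> block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                # Apache directive names are case-insensitive, so key on lowercase.
                directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        vhosts.append((addr.strip(), directives))
    return vhosts

def missing_ssl_directives(conf):
    """Map each SSL-enabled vhost's ServerName to the required directives it lacks."""
    report = {}
    for addr, d in parse_vhosts(conf):
        if d.get("sslengine", "").lower() != "on":
            continue  # plain HTTP vhost: nothing to check
        report[d.get("servername", addr)] = [r for r in REQUIRED if r.lower() not in d]
    return report

if __name__ == "__main__":
    print(missing_ssl_directives(SAMPLE_CONF))
```
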