Safari告诉我,它无法打开页面,因为它无法build立到服务器的安全连接。 但是,其他浏览器(opera,firefox)可以打开页面。 另外,在Apache错误日志中没有任何东西。
证书是自签名的,并使用标准值。 (见这里: http : //www.knaupes.net/tutorial-ssl-zertifikat-selbst-erstellen-und-signieren/ )
sslconfiguration:
SSLEngine on #SSLInsecureRenegotiation on SSLCertificateFile /home/gemeinde/certs/selfsigned/gemeinde.crt SSLCertificateKeyFile /home/gemeinde/certs/selfsigned/gemeinde.key #SSLCACertificateFile /home/gemeinde/certs/Platinum_G2.pem #SSLOptions +StdEnvVars <Location "/"> SSLOptions +StdEnvVars +OptRenegotiate SSLVerifyClient optional SSLVerifyDepth 10 </Location> 有一个类似的问题,只有工作的解决scheme似乎是启用不安全的SSL重新谈判(第二行注释在你的configuration示例)。 似乎Safari无法与客户端证书进行安全的重新协商,或者什么。
您可以确认通过设置Apache LogLevel进行debugging,并检查是否看到如下所示的内容:
[Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(510): [client 192.168.1.225] Changed client verification type will force renegotiation, referer: [Fri May 27 12:47:24 2011] [info] [client 192.168.1.225] Requesting connection re-negotiation, referer: [Fri May 27 12:47:24 2011] [debug] ssl_engine_io.c(1920): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f099f75e870 [mem: 7f099f823de0] [Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(764): [client 192.168.1.225] Performing full renegotiation: complete handshake protocol (client does not support secure renegotiation), referer: [Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1916): OpenSSL: Handshake: start [Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: SSL renegotiate ciphers [Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: SSLv3 write hello request A [Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: SSLv3 flush data [Fri May 27 12:47:24 2011] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: SSLv3 write hello request C [Fri May 27 12:47:24 2011] [info] [client 192.168.1.225] Awaiting re-negotiation handshake, referer: