服务器 Gind.cn
  1. 服务器 Gind.cn
  3. SSL连接错误
Intereting Posts
用Monit监控Ubuntu 16.0.4上的solr服务 文件服务器通过VPN连接 将后缀configuration为DKIM签名从系统生成的电子邮件 尝试创build新的AD同步时出现问题(SharePoint 2010) 禁用自动维护Windows Server 2016 PSAD不能在Ubuntu 14.04上启动 文件解锁程序有多安全? Zimbra,如何closuresspamassasin和clamAV postgis 2.1.6 – > 2.2.0升级后无法升级postgresql 9.4 – > 9.5beta2 你可以给一个目录两个SELinux策略? 将一台机器上的一个RDP端口同时转发给多个外部用户 按专有名称将用户添加到AD组 如何在没有访问服务器configuration的情况下模拟htaccess与IIS身份validation? 限制目录大小 debuggingDNS:如果主机名称parsing无法按预期工作,该怎么办?

SSL连接错误

我已经购买了一个comodo SSL证书,并已将由我的服务器生成的证书签名请求(CSR)提交给SSLpipe理站点。 

With the 3 files it returned me with, - AddTrustExternalCARoot.crt - PositiveSSLCA2.crt - www_example_com.crt

我已经把它们上传到我的/ etc / ssl / ssl-certs文件夹,并且已经在我的网站上更新了我的虚拟主机 – 可用并相应地重新启动。 

  NameVirtualHost 107.167.120.195:80 #sample ip address NameVirtualHost 107.167.120.195:443 #sample ip address ......... #normal http virtual host (working well) <VirtualHost 107.167.120.195:443> ServerAdmin [email protected] ServerName example.com ServerAlias www.example.com DocumentRoot /var/www/example SSLEngine on SSLCertificateFile /etc/ssl/ssl-certs/www_example_com.crt SSLCertificateKeyFile /etc/ssl/ssl-certs/server.key SSLCertificateChainFile /etc/ssl/ssl-certs/PositiveSSLCA2.crt </VirtualHost>

我也启用了运行“a2enmod ssl”,它已启用。

这是我在访问Chrome浏览器的网页https时遇到的错误: 

  SSL connection error Error code: ERR_SSL_PROTOCOL_ERROR Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

我也检查了我的Apache日志文件,似乎有一个错误,说公用名(CN)是不一样的服务器。 

  RSA server certificate CommonName (CN) `www.example.com' does NOT match server name!? 

  Invalid method in request \x16\x03\x01

我该怎么办?

编辑: 

  openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.key Generating a 2048 bit RSA private key ..........................................+++ ................+++ writing new private key to 'server.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:SG State or Province Name (full name) [Some-State]:Singapore Locality Name (eg, city) []:Singapore Organization Name (eg, company) [Internet Widgits Pty Ltd]:CompanyName Organizational Unit Name (eg, section) []: Common Name (eg server FQDN or YOUR name) []:www.example.com Email Address []:[email protected] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:Password123 An optional company name []:CompanyName

它生成了CSR,在我的SSL证书pipe理中,我给的URL也是www.example.com。

编辑 

  openssl s_client -connect 107.167.120.195:443 //sample ip address

并返回给我以下 

  CONNECTED(00000003) 140401734006440:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:766: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 320 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE ---

在我的情况下,我没有启用网站“default-ssl”。 在/etc/apache2/sites-enabled文件夹中只列出了“000-default”。

在Ubuntu 14 LTS,Apache 2.4.7上启用SSL站点: 

 a2ensite default-ssl service apache2 reload