我正在尝试configuration通配符SSL证书以在子域上以及服务器的主域上提供。 为了获得SSL证书的工作,似乎我必须定义主站点的站点可用文件,如:
<VirtualHost *:443> 当我尝试使用<VirtualHost someSite.com:443>然后Firefox抱怨:
An error occurred during a connection to www.someSite.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long) The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
谷歌浏览器不太具体:
SSL connection error
我可以更改<VirtualHost *:443>以便我可以将sub.someSite.com作为不同的带有SSL的虚拟主机服务?
这是在Ubuntu服务器12.04 LTS(3.2内核)与Apache 2.2.22和Godaddy SSL证书。
编辑:这里是域的Apache网站启用文件 。
<IfModule mod_ssl.c> #<VirtualHost *:443> # With this line, the site serves fine <VirtualHost someSite.com:443> # With this line, browsers throw the error DocumentRoot /var/www/someSite/public_html ServerName someSite.com ServerAlias www.someSite.com <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/someSite/public_html/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/someSite.com.crt SSLCertificateKeyFile /etc/apache2/ssl/someSite.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
由于各种原因, Apachebuild议不要在<VirtualHost>指令中使用主机名。
最佳做法是在ServerName和ServerAlias指令中指定虚拟主机的IP地址或*以及虚拟主机的主机名。
所以要解决这个问题:
ServerAlias *.example.com添加到它。 <VirtualHost>块,其中包含ServerName something.example.com和ServerAlias *.example.com 。