主页 / server / 问题 / 130365
In Process
Tone
Asked: 2010-04-08 16:17:06 +0800 CST

Debian Apache2 SSL 问题 - 错误代码:ssl_error_rx_record_too_long

  • 772

我在 Debian lenny 上设置 apache 并遇到 SSL 问题。我经历了许多教程,并且我在 Ubuntu 服务器上进行了这项工作,但是对于我的一生来说,Debian 无法获得任何帮助。端口 80 (http) 工作正常,但端口 443 (https) 给我以下错误(在 firefox 中) - homeserver 是我的主机名,我的 dhcp 分配的 ip 是 192.168.1.109。我觉得这与我的配置有关,而不是与证书/密钥生成有关。

An error occurred during a connection to homeserver.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

有人看到以下配置文件有任何问题吗?

/etc/apache2/sites-available/default-ssl

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName homeserver
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        LogLevel warn

        CustomLog /var/log/apache2/ssl_access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

        SSLEngine on

        SSLCertificateFile /etc/ssl/certs/server.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key

        SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

/etc/apache2/ports.conf

NameVirtualHost *:80
Listen 80
Listen 443

#<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    #Listen 443
#</IfModule>

/etc/hosts

127.0.0.1       localhost
127.0.0.1       homeserver
#192.168.1.109  homeserver #tried this but it didn't work

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

/etc/主机名

homeserver
#192.168.1.109
debian apache-2.2 ssl

2 个回答

  1. 我忘了启用 ssl mod.. 在这个 linux/apache 东西上还是新的。这个命令成功了:

    sudo a2enmod ssl
    • 2

  2. 这是旧的但有效的,因为它在搜索中弹出很高......我还想提醒启用 SSL 站点:

    # a2ensite
Your choices are: 000-default default-ssl
Which site(s) do you want to enable (wildcards ok)?
default-ssl
Enabling site default-ssl.
To activate the new configuration, you need to run:
  systemctl reload apache2
    • 0

相关问题