我正在尝试配置通配符 SSL 证书以服务于子域以及服务器的主域。为了使 SSL 证书正常工作,我似乎必须这样定义主站点的可用站点文件:
<VirtualHost *:443>
当我尝试使用时<VirtualHost someSite.com:443>,Firefox 会抱怨:
An error occurred during a connection to www.someSite.com.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
谷歌浏览器不太具体:
SSL connection error
我可以改变什么,<VirtualHost *:443>以便我可以将 sub.someSite.com 作为具有 SSL 的不同虚拟主机提供服务?
这是在带有 Apache 2.2.22 和 Godaddy SSL 证书的 Ubuntu Server 12.04 LTS(3.2 内核)上。
编辑: : 这是域的 Apache 站点启用文件。
<IfModule mod_ssl.c>
#<VirtualHost *:443> # With this line, the site serves fine
<VirtualHost someSite.com:443> # With this line, browsers throw the error
DocumentRoot /var/www/someSite/public_html
ServerName someSite.com
ServerAlias www.someSite.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/someSite/public_html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/someSite.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/someSite.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
出于多种原因, Apache 建议不要
<VirtualHost>在指令中使用主机名。最佳实践是在and指令中指定虚拟主机的 IP 地址或
*in和主机名。<VirtualHost>ServerNameServerAlias所以要解决这个问题:
ServerAlias *.example.com到它。<VirtualHost>带有ServerName something.example.comand的新块ServerAlias *.example.com。