我正在尝试使用自签名证书在 Apache 上设置 HTTPS。但是我没有显示页面,而是收到了一堆奇怪的错误。每个浏览器都有不同的错误!
从铬:
错误 2 (net::ERR_FAILED):未知错误。
从火狐:
SSL 收到超过最大允许长度的记录。(错误代码:ssl_error_rx_record_too_long)
我按照http://slacksite.com/apache/certificate.php以及其他大约 4 个指南中详述的步骤进行操作。它们都差不多,但都给出相同的结果。所以我一定做错了什么。
简而言之,这就是我所做的:
生成服务器密钥:
openssl genrsa -des3 -out server.key 1024生成企业社会责任:
openssl req -new -key server.key -out server.csr
[在生成请求时,我小心地将我的实际主机名输入为“通用名称(例如,您的姓名或服务器的主机名)”]
从密钥中删除密码:
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key自签名证书:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt将 apache 配置为指向这些文件,并使用这些证书。
有任何想法吗?
更新:这是我的虚拟主机配置:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
## Virtual host to redirect to HTTPS
<VirtualHost *:80>
ServerName mail.craimer.org
Redirect permanent / https://mail.craimer.org:443
</VirtualHost>
##
## SSL Virtual Host Context
##
<VirtualHost mail.craimer.org:443>
ServerName mail.craimer.org
DocumentRoot "/usr/share/roundcubemail/trunk/roundcubemail/"
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/conf/ssl/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Deal with broken MSIE
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
