同个二级域名使用https证书问题

环境:

centos6.10 x64

httpd-2.2.15-60.el6.centos.4.x86_64

背景:主机原有www.aaa.com
证书为:http://www.aaa.com 只有单域名的证书

现在要添加一个 https://p3.aaa.com

只是测试域名 所有自建一个https的证书

自建完后

分别配置www.aaa.com与 p3.aaa.com的ssl配置文件

全局ssl配置文件

1
2
3
4
5
6
7
8
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

www.aaa.com配置文件内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
<VirtualHost www.aaa.com:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLCertificateFile /etc/httpd/conf/aaa.crt
SSLCertificateKeyFile /etc/httpd/conf/aaa.key
SSLCertificateChainFile /etc/httpd/conf/ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ServerName www.aaa.com
JkMount /blogweb* blog2web
DocumentRoot /var/www/html/blog2/
<Directory "/var/www/html/blog2/">
allow from all
Options -Indexes
Order allow,deny
Allow from all
</Directory>

p3.aaa.com配置文件内容

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<VirtualHost p3.aaa.com:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLCertificateFile /etc/httpd/conf/p3aaa.crt
SSLCertificateKeyFile /etc/httpd/conf/p3aaa.key
SSLCertificateChainFile /etc/httpd/conf/ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ServerName p3.aaa.com
JkMount /blog3web* blog3web
DocumentRoot /var/www/html/blog3web/
<Directory "/var/www/html/blog3web/">
allow from all
Options -Indexes
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

重载httpd服务

1
service httpd reload

测试后发现www.aaa.com与p3.aaa.com只能用一个

在httpd.conf发现 原来NameVirtualHost字段没有配置443 这个字段用于指定虚拟域名

1
NameVirtualHost 本机IP:443

重载httpd服务后 测试通过。

1
service httpd reload
# linux
Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×