同个二级域名使用https证书问题

运维 linux

创建时间:2019-08-21 14:06

阅读:

环境：

centos6.10 x64

httpd-2.2.15-60.el6.centos.4.x86_64

背景：主机原有www.aaa.com
证书为：http://www.aaa.com 只有单域名的证书

现在要添加一个 https://p3.aaa.com

只是测试域名所有自建一个https的证书

自建完后

分别配置www.aaa.com与 p3.aaa.com的ssl配置文件

全局ssl配置文件

Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

www.aaa.com配置文件内容

<VirtualHost www.aaa.com:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLCertificateFile /etc/httpd/conf/aaa.crt 
SSLCertificateKeyFile /etc/httpd/conf/aaa.key
SSLCertificateChainFile /etc/httpd/conf/ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 ServerName www.aaa.com
  JkMount  /blogweb* blog2web
 DocumentRoot /var/www/html/blog2/
  <Directory "/var/www/html/blog2/">
    allow from all
    Options -Indexes
Order allow,deny
Allow from all
  </Directory>

p3.aaa.com配置文件内容

<VirtualHost p3.aaa.com:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLCertificateFile /etc/httpd/conf/p3aaa.crt 
SSLCertificateKeyFile /etc/httpd/conf/p3aaa.key
SSLCertificateChainFile /etc/httpd/conf/ca.crt
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 ServerName p3.aaa.com
  JkMount  /blog3web* blog3web
 DocumentRoot /var/www/html/blog3web/
  <Directory "/var/www/html/blog3web/">
    allow from all
    Options -Indexes
Order allow,deny
Allow from all
  </Directory>
</VirtualHost>

重载httpd服务

service httpd reload

测试后发现www.aaa.com与p3.aaa.com只能用一个

在httpd.conf发现原来NameVirtualHost字段没有配置443 这个字段用于指定虚拟域名

NameVirtualHost 本机IP:443

重载httpd服务后测试通过。

service httpd reload

转载请注明来源，欢迎对文章中的引用来源进行考证，欢迎指出任何有错误或不够清晰的表达。