Andyliu
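Posted on 2013-7-8 21:24:21
ramonde posted on 2013-7-8 21:24
Then it's a configuration problem. Make sure you haven't gotten the certificate or anything else wrong. Post your configuration so we can take a look.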
ServerName domain.com
ServerAdmin admin@domain.com
DocumentRoot "/home/wwwroot/domain.com"

ErrorLog /home/wwwlogs/domain.com.error.log
CustomLog /home/wwwlogs/domain.com.log common

Options +Includes -Indexes
php_admin_flag engine ON
php_admin_value open_basedir "/home/wwwroot/domain.com:/tmp"

ServerName domain.com
ServerAdmin kdo@qq.com
DocumentRoot "/home/wwwroot/domain.com"

SSLEngine on
SSLCertificateFile "/usr/local/mapn/vhosts/ssl/domain.com.crt"
SSLCertificateKeyFile "/usr/local/mapn/vhosts/ssl/domain.com.key"
SSLCertificateChainFile "/usr/local/mapn/vhosts/ssl/servercert.crt"

ErrorLog /home/wwwlogs/domain.com.error.log
CustomLog /home/wwwlogs/domain.com.log common

Options +Includes -Indexes
php_admin_flag engine ON
php_admin_value open_basedir "/home/wwwroot/domain.com:/tmp"
ramonde
Posted on 2013-7-8 21:24:51
Last edited by ramonde on 2013-7-8 22:09
ServerName domain.com:443
Also, only one certificate can be configured per IP.
QuaintJade
Posted on 2013-7-8 21:38:09
Andyliu posted on 2013-7-8 21:38
If nginx is the front-end reverse proxy, then I think the certificate should be set up in nginx.
QuaintJade
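Posted on 2013-7-8 21:24:00
Last edited by QuaintJade on 2013-7-8 22:03
Andyliu posted on 2013-7-8 21:38
If Apache is the front end, check whether there is an ssl.conf and whether it contains that big block. If your conf file's name starts with a letter after s, it does not take priority over ssl.conf and so naturally gets ignored.
Also, if SSL is to use ServerName, you need to use SNI, that is, add a line NameVirtualHost *:443 after Listen 443.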
ramonde
Posted on 2013-7-8 21:51:14
Actually, it is the same with NGINX and with APACHE; I have tried it.
ramonde
Posted on 2013-7-8 21:55:02
The NameVirtualHost *:443 mentioned in post #15 is required.
yohu
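Posted on 2013-7-8 21:38:00
If you are using IE6, then it has to be one IP per certificate. If you bind two certificates, that piece of junk IE6 only recognizes the first one.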
Andyliu
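Posted on 2013-7-8 22:00:00
QuaintJade posted on 2013-7-8 22:00
If Apache is the front end, check whether there is an ssl.conf and whether it contains that big block. If your conf file's name starts with a letter after s ...
In MAPN it is under this directory: /usr/local/apache/conf/extra/httpd-ssl.conf
It contains what you mentioned:
Listen 443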

#
# Use name-based virtual hosting.
#
NameVirtualHost *:443

##
##SSL Global Context
##
##All SSL configuration in this context applies both to
##the main server and all SSL-enabled virtual hosts.
##

#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:/usr/local/apache/logs/ssl_scache"
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"

##
## SSL Virtual Host Context
##

# General setup for the virtual host
ServerAdmin kdo@qq.com
DocumentRoot "/home/wwwroot"
ServerName server.andylab.com
ErrorLog "/home/wwwlogs/wwwroot.error.log"

Options +Includes -Indexes
php_admin_flag engine ON
php_admin_value open_basedir "/home/wwwroot:/tmp:/proc"
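I am using nginx as the front end and Apache as the back end, and SSL is set up in Apache.
The domain is blog.domain.com.conf
The conf starting with b comes before http-ssl. Does this order matter too?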
Andyliuholinhot
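Posted on 2013-7-8 21:38:00
ramonde posted on 2013-7-8 22:06
Actually, it is the same with NGINX and with APACHE; I have tried it.
I have MAPN installed on several VPSes; one of them works and the others do not.
I looked today: the one that works is MAPN version 3.1, and the ones that do not are 3.1.1. Just check which certificate is the untrusted one and replace that original certificate with the purchased one, and that's it.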
holinhot
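Posted on 2013-7-8 22:06:09
If you set up a different path yourself, remember to delete the port 443 entry of the default ssl. Put 443 on your new ssl; otherwise 443 stays on the old application, and no matter what you do it will still be untrusted.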
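
Added example, not part of the thread or of MAPN's own files: a small Python check for the questions raised above about conf file order and which port 443 virtual host ends up as the default. It assumes Apache 2.2-style name-based SSL vhosts and that a single wildcard Include loads the files, so they are read in alphabetical order; the sample file contents, the function names and the placeholder certificate path are constructed.

```python
import re

# Constructed sample files modelled on the thread; the certificate path in
# httpd-ssl.conf is a placeholder, not a value from the page.
SAMPLE_CONFS = {
    "httpd-ssl.conf": """
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName server.andylab.com
    SSLCertificateFile "/path/to/placeholder-default.crt"
</VirtualHost>
""",
    "blog.domain.com.conf": """
<VirtualHost *:443>
    ServerName domain.com
    SSLCertificateFile "/usr/local/mapn/vhosts/ssl/domain.com.crt"
</VirtualHost>
""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the first value of a directive inside a vhost body, unquoted."""
    m = re.search(rf'^\s*{name}\s+"?([^"\n]+?)"?\s*$', body, re.M | re.I)
    return m.group(1) if m else None

def ssl_vhosts(confs, addr="*:443"):
    """List (file, ServerName, certificate) for addr in load order.
    Assumption: one wildcard Include loads the files, so Apache reads
    them in alphabetical order of file name."""
    found = []
    for fname in sorted(confs):
        for address, body in VHOST_RE.findall(confs[fname]):
            if addr in address.split():
                found.append((fname, directive(body, "ServerName"),
                              directive(body, "SSLCertificateFile")))
    return found

def audit(confs, addr="*:443"):
    """The first vhost read for addr is the default: it answers clients
    that send no SNI and any host name that matches no other vhost."""
    vhosts = ssl_vhosts(confs, addr)
    pattern = rf"^\s*NameVirtualHost\s+{re.escape(addr)}\s*$"
    named = any(re.search(pattern, text, re.M | re.I) for text in confs.values())
    return {"default": vhosts[0] if vhosts else None,
            "name_based": named,  # required by Apache 2.2, ignored by 2.4
            "other_certs": [v for v in vhosts[1:] if v[2] != vhosts[0][2]]}
```

Calling audit() on the real conf texts shows in "default" the vhost whose certificate a client without SNI receives, and in "other_certs" the vhosts whose certificates such a client never sees.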