Apache服务器HTTPS未完全正确配置的处理
问题一:通过网站https://csr.chinassl.net/ssl-checker.html验证,告知证书来自不被认可的机构,火狐浏览器访问网站出现Error code: SEC_ERROR_UNKNOWN_ISSUER,这是证书链未配置正确导致,只需要在原配置
<VirtualHost *:443> DocumentRoot "/usr/local/www/yourdir" ServerName yourhost ServerAdmin yourhost SSLEngine on SSLCertificateFile /etc/httpd/conf/yourhost.crt SSLCertificateKeyFile /etc/httpd/conf/yourkey.pem <Directory /usr/local/www/yourdir> AllowOverride All </Directory> </VirtualHost>
增加证书链的配置(
SSLCertificateChainFile /etc/httpd/conf/yourcabundle.ca-bundle
)即可,更改后为:
<VirtualHost *:443> DocumentRoot "/usr/local/www/yourdir" ServerName yourhost ServerAdmin yourhost SSLEngine on SSLCertificateFile /etc/httpd/conf/yourhost.crt SSLCertificateKeyFile /etc/httpd/conf/yourkey.pem
SSLCertificateChainFile /etc/httpd/conf/yourcabundle.ca-bundle
<Directory /usr/local/www/yourdir>
AllowOverride All
</Directory>
</VirtualHost>
问题二:
Apache如何将http全部自动跳转到https
自动重写链接即可,将
RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
加入配置文件,如下
<VirtualHost *:80> DocumentRoot "/usr/local/www/yourdir" ServerName yourhost ServerAdmin youhost RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L] </VirtualHost>