Apache服务器HTTPS未完全正确配置的处理

问题一:通过网站https://csr.chinassl.net/ssl-checker.html验证,告知证书来自不被认可的机构,火狐浏览器访问网站出现Error code: SEC_ERROR_UNKNOWN_ISSUER,这是证书链未配置正确导致,只需要在原配置

<VirtualHost *:443>
    DocumentRoot "/usr/local/www/yourdir"
    ServerName yourhost
    ServerAdmin yourhost
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/yourhost.crt
    SSLCertificateKeyFile /etc/httpd/conf/yourkey.pem
    <Directory /usr/local/www/yourdir>
        AllowOverride All
    </Directory>
</VirtualHost>

增加证书链的配置(

 SSLCertificateChainFile /etc/httpd/conf/yourcabundle.ca-bundle

)即可,更改后为:

<VirtualHost *:443>
    DocumentRoot "/usr/local/www/yourdir"
    ServerName yourhost
    ServerAdmin yourhost
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/yourhost.crt
    SSLCertificateKeyFile /etc/httpd/conf/yourkey.pem
  
SSLCertificateChainFile /etc/httpd/conf/yourcabundle.ca-bundle
<Directory /usr/local/www/yourdir>
AllowOverride All
</Directory>
</VirtualHost>

 

 

问题二:

Apache如何将http全部自动跳转到https

自动重写链接即可,将

RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

加入配置文件,如下

<VirtualHost *:80>
    DocumentRoot "/usr/local/www/yourdir"
    ServerName yourhost
    ServerAdmin youhost
      RewriteEngine On
      RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
</VirtualHost>

 

posted @ 2017-12-19 15:03  村长叫我返去扒龙船  阅读(884)  评论(0编辑  收藏  举报