Apache服务器HTTPS未完全正确配置的处理
问题一:通过网站https://csr.chinassl.net/ssl-checker.html验证,告知证书来自不被认可的机构,火狐浏览器访问网站出现Error code: SEC_ERROR_UNKNOWN_ISSUER,这是证书链未配置正确导致,只需要在原配置
<VirtualHost *:443> DocumentRoot "/usr/local/www/yourdir" ServerName yourhost ServerAdmin yourhost SSLEngine on SSLCertificateFile /etc/httpd/conf/yourhost.crt SSLCertificateKeyFile /etc/httpd/conf/yourkey.pem <Directory /usr/local/www/yourdir> AllowOverride All </Directory> </VirtualHost>
增加证书链的配置(
SSLCertificateChainFile /etc/httpd/conf/yourcabundle.ca-bundle
)即可,更改后为:
<VirtualHost *:443> DocumentRoot "/usr/local/www/yourdir" ServerName yourhost ServerAdmin yourhost SSLEngine on SSLCertificateFile /etc/httpd/conf/yourhost.crt SSLCertificateKeyFile /etc/httpd/conf/yourkey.pem
SSLCertificateChainFile /etc/httpd/conf/yourcabundle.ca-bundle
<Directory /usr/local/www/yourdir>
AllowOverride All
</Directory>
</VirtualHost>
问题二:
Apache如何将http全部自动跳转到https
自动重写链接即可,将
RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
加入配置文件,如下
<VirtualHost *:80> DocumentRoot "/usr/local/www/yourdir" ServerName yourhost ServerAdmin youhost RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L] </VirtualHost>
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步