apache配置多https域名对应单个证书和多个不同的https域名对应多个不同的证书

如果需要设置多个SSL站点,在Apache 2.2以上版本中是开启SSL模块后是直接支持SNI的,添加NameVirtualHost *:443和SSLStrictSNIVHostCheck off两句后,就可以像http虚拟站点一样设置多个https虚拟站点;
多个https虚拟站点可以分别指向多个不同的证书文件,其中第一个默认https站点是在后续https站点配置找不到的时候自动使用的默认配置;

生产环境中apache版本:
[root@localhost ~]# httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Jan 12 2017 17:09:39

ssl.conf配置文件中配置多https域名对应单个证书和多个不同的https域名对应多个不同的证书,其中第一个默认https站点是在后续https站点配置找不到的时候自动使用的默认配置;

[root@localhost ~]# cat /etc/httpd/conf.d/ssl.conf|egrep -v “#|"LoadModulesslmodulemodules/modssl.soListen443NameVirtualHost:443SSLStrictSNIVHostCheckoffSSLPassPhraseDialogbuiltinSSLSessionCacheshmcb:/var/cache/modssl/scache(512000)SSLSessionCacheTimeout300SSLMutexdefaultSSLRandomSeedstartupfile:/dev/urandom256SSLRandomSeedconnectbuiltinSSLCryptoDevicebuiltin<VirtualHostdefault:443>DocumentRoot"/data/code"ServerNameen.lsj.com:443ServerNameuo.kvc.com:443ServerNamen.purdf.com:443ServerNamea.wifth.com:443ErrorLoglogs/sslerrorlogLogLevelwarnSSLEngineonSSLProtocolallSSLv2SSLv3SSLCipherSuiteAESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;SSLCertificateFile/etc/pki/tls/certs/ca.b23c.com.crtSSLCertificateKeyFile/etc/pki/tls/private/ca.b23c.com.keySSLCertificateChainFile/etc/pki/tls/certs/rootbundle.crt<Files "(˙cgishtmlphtmlphp3?)" LoadModule ssl_module modules/mod_ssl.so Listen 443 NameVirtualHost *:443 SSLStrictSNIVHostCheck off SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin <VirtualHost _default_:443> DocumentRoot "/data/code" ServerName en.lsj.com:443 ServerName uo.kvc.com:443 ServerName n.purdf.com:443 ServerName a.wifth.com:443 ErrorLog logs/ssl_error_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; SSLCertificateFile /etc/pki/tls/certs/ca.b23c.com.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.b23c.com.key SSLCertificateChainFile /etc/pki/tls/certs/root_bundle.crt <Files ~ "\.(cgi|shtml|phtml|php3?)”>
SSLOptions +StdEnvVars
</Files>
<Directory “/var/www/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent “.MSIE.
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”
</VirtualHost>
<VirtualHost *:443>
ServerName e.diogv.com
DocumentRoot “/data/code”
LogLevel warn
ErrorLog logs/ssl_error_log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
#注意以下证书文件路径
SSLCertificateFile /etc/pki/tls/certs/e.diogv.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/e.diogv.com.key
SSLCertificateChainFile /etc/pki/tls/certs/e.diogv.com_bundle.crt

<Files ~ “.(cgi|shtml|phtml|php3?)"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> ########################################## <VirtualHost *:443> ServerName e.fst01w.com DocumentRoot "/data/code" LogLevel warn ErrorLog logs/ssl_error_log SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; #注意以下证书文件路径 SSLCertificateFile /etc/pki/tls/certs/e.fst01w.com.crt SSLCertificateKeyFile /etc/pki/tls/private/e.fst01w.com.key SSLCertificateChainFile /etc/pki/tls/certs/e.fst01w.com_bundle.crt <Files ~ "\.(cgi|shtml|phtml|php3?)”>
SSLOptions +StdEnvVars
</Files>
<Directory “/var/www/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent “.MSIE.
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”
</VirtualHost>
############################################
<VirtualHost *:443>
ServerName e.i12erq.com
DocumentRoot “/data/code”
LogLevel warn
ErrorLog logs/ssl_error_log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
#注意以下证书文件路径
SSLCertificateFile /etc/pki/tls/certs/e.i12erq.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/e.i12erq.com.key
SSLCertificateChainFile /etc/pki/tls/certs/e.i12erq.com_bundle.crt
<Files ~ “.(cgi|shtml|phtml|php3?)"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> ########################################## <VirtualHost *:443> ServerName e.j34ja.com DocumentRoot "/data/code" LogLevel warn ErrorLog logs/ssl_error_log SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; #注意以下证书文件路径 SSLCertificateFile /etc/pki/tls/certs/e.j34ja.com.crt SSLCertificateKeyFile /etc/pki/tls/private/e.j34ja.com.key SSLCertificateChainFile /etc/pki/tls/certs/e.j34ja.com_bundle.crt <Files ~ "\.(cgi|shtml|phtml|php3?)”>
SSLOptions +StdEnvVars
</Files>
<Directory “/var/www/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent “.MSIE.
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”
</VirtualHost>

###################################
<VirtualHost *:443>
ServerName e.mi56v.com
DocumentRoot “/data/code”
LogLevel warn
ErrorLog logs/ssl_error_log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
#注意以下证书文件路径
SSLCertificateFile /etc/pki/tls/certs/e.mi56v.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/e.mi56v.com.key
SSLCertificateChainFile /etc/pki/tls/certs/e.mi56v.com_bundle.crt
<Files ~ “.(cgi|shtml|phtml|php3?)$”>
SSLOptions +StdEnvVars
</Files>
<Directory “/var/www/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent “.MSIE.
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”
</VirtualHost>

posted @   勤奋的蓝猫  阅读(7)  评论(0编辑  收藏  举报  
相关博文:
阅读排行:
· DeepSeek “源神”启动!「GitHub 热点速览」
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· 我与微信审核的“相爱相杀”看个人小程序副业
· C# 集成 DeepSeek 模型实现 AI 私有化(本地部署与 API 调用教程)
· DeepSeek R1 简明指南:架构、训练、本地部署及硬件要求
点击右上角即可分享
微信分享提示