我从SSLS(不像大多数示例和教程讨论的那样是OpenSSL)购买了两个域+一个子域的三个证书。让我们称之为mysite1。com,www.mysite1。com和mysite2。通用域名格式。我正试图用一个IP地址在一台服务器上安装证书。我之前在OpenSLL上试过这个,结果搞砸了,再加上这是一个生产环境,所以我负担不起实验。我看过很多教程,包括:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-debian-9
以下是我目前掌握的情况:
默认ssl。形态:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName mysite1.com
ServerAdmin me@mysite1.com
DocumentRoot /var/www/mysite1.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/certs/mysite1.com.crt
SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key
SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
<VirtualHost mysite2.com:443>
ServerName mysite2.com
ServerAdmin me@mysite1.com
DocumentRoot /var/www/mysite2.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/certs/mysite1.com.crt
SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key
SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
港口。形态
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
我有几个问题:
我假设不再需要NameVirtualHost(根据
this
)还是我应该把它放进去以防万一?
不确定FilesMatch和Directory做什么-它们是必需的吗?
如何配置www.mysite1。通讯地址?
还有什么我需要做的吗?
谢谢你的帮助。
