所以我从 GoDaddy 获得了 SSL。
它适用于我的公共网站mysite.com
。
我现在想为我创建一个 SSL 连接,administrator.mysite.com
所以我创建了一个自签名证书,openssl
因为我不介意管理我自己的网站,并在锁上带有红色标记。
里面httpd-ssl.conf
<VirtualHost *:443>
ServerName mysite.com:443
ServerAlias www.mysite.com
DocumentRoot /opt/lampp/htdocs/MySite/
ServerAdmin admin@mysite.com
ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors.log
TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /opt/lampp/etc/ssl.crt/mysite.com.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/server_nopwd.key
SSLCertificateChainFile /opt/lampp/etc/ssl.crt/gd_bundle.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName administrator.mysite.com:443
DocumentRoot "/opt/lampp/htdocs/"
ServerAdmin admin@mysite.com
ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors_admin.log
TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access_admin.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /opt/lampp/etc/ssl.crt/admin.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/admin.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
我得到这个警告:
[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
发生的情况是管理员主机被重定向到普通主机,这很烦人