我从 SSLS 购买了三个证书(不是像大多数示例和教程讨论的 OpenSSL),用于两个域 + 一个子域。我们称它们为 mysite1.com、www.mysite1.com 和 mysite2.com。我正在尝试将证书安装在具有单个 IP 地址的单个服务器上。我之前曾用 OpenSLL 尝试过,但事情变得一团糟,而且这是一个生产环境,所以我负担不起试验的费用。我看过很多教程,包括:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
这是我到目前为止所拥有的:
默认-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName mysite1.com
ServerAdmin me@mysite1.com
DocumentRoot /var/www/mysite1.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/certs/mysite1.com.crt
SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key
SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
<VirtualHost mysite2.com:443>
ServerName mysite2.com
ServerAdmin me@mysite1.com
DocumentRoot /var/www/mysite2.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/ssl/certs/mysite1.com.crt
SSLCertificateKeyFile /var/www/ssl/private/mysite1.com.key
SSLCertificateChainFile /var/www/apache2/ssl.crt/mysite1.com.ca-bundle
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
端口.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
我有几个问题:
我假设不再需要 NameVirtualHost (根据this)或者我应该把它放在以防万一?
不确定 FilesMatch 和 Directory 的作用——它们是必需的吗?
如何配置 www.mysite1.com 地址?
还有什么我需要做的吗?
感谢您的帮助。