I created self-signed SSL certificates for my two websites, w2.local and c2.local (following these steps: https://medium.com/@tbusser/creating-a-browser-trusted-self-signed-ssl-certificate-2709ce43fd15), and configured them in the virtual host:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName w2.local
    ServerAlias www.w2.local
    DocumentRoot /var/www/w2
    ErrorLog ${APACHE_LOG_DIR}/w2_error.log
    CustomLog ${APACHE_LOG_DIR}/w2_access.log combined
    <Directory "/var/www/w2">
        Options Indexes FollowSymLinks MultiViews
        Require all granted
        AllowOverride All
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName w2.local
    ServerAlias www.w2.local
    DocumentRoot /var/www/w2
    ErrorLog ${APACHE_LOG_DIR}/w2_ssl_error.log
    CustomLog ${APACHE_LOG_DIR}/w2_ssl_access.log combined
    <Directory "/var/www/w2">
        Options Indexes FollowSymLinks MultiViews
        Require all granted
        AllowOverride All
    </Directory>

    #adding custom SSL cert
    SSLEngine on
    SSLCertificateFile /home/vagrant/cert/w2.local.crt
    SSLCertificateKeyFile /home/vagrant/cert/w2.local.key
</VirtualHost>

When I try to open http://w2.local, the connection works fine, but https does not work and shows: SSL_ERROR_RX_RECORD_TOO_LONG in Firefox and ERR_SSL_PROTOCOL_ERROR in Chrome.

I tried enabling ssl, but it is already enabled:

vagrant@vag:/$ sudo a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Module socache_shmcb already enabled
Module ssl already enabled

I restarted the apache service, and there were no errors/notices referring to the certificate.

vagrant@vag:/$ systemctl status apache2.service                                                                            
● apache2.service - LSB: Apache2 web server                                                                                
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)                                                       
  Drop-In: /lib/systemd/system/apache2.service.d                                                                           
           └─apache2-systemd.conf                                                                                          
   Active: active (running) since Mon 2020-05-18 10:02:33 CEST; 9s ago                                                     
     Docs: man:systemd-sysv-generator(8)                                                                                   
  Process: 3087 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)                                          
  Process: 3111 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)                                        
    Tasks: 56                                                                                                              
   Memory: 7.8M                                                                                                            
      CPU: 75ms                                                                                                            
   CGroup: /system.slice/apache2.service                                                                                   
           ├─3129 /usr/sbin/apache2 -k start                                                                               
           ├─3132 /usr/sbin/fcgi-pm -k start                                                                               
           ├─3133 /usr/sbin/apache2 -k start                                                                               
           └─3134 /usr/sbin/apache2 -k start                                                                               

May 18 10:02:32 vag systemd[1]: Starting LSB: Apache2 web server...                                                        
May 18 10:02:32 vag apache2[3111]:  * Starting Apache httpd web server apache2                                             
May 18 10:02:32 vag apache2[3111]: AH00112: Warning: DocumentRoot [/var/www/myproject.com] does not exist                  
May 18 10:02:32 vag apache2[3111]: AH00112: Warning: DocumentRoot [/var/www/params/public/paramsApp/web] does not exist    
May 18 10:02:32 vag apache2[3111]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name,
May 18 10:02:33 vag apache2[3111]:  *                                                                                      
May 18 10:02:33 vag systemd[1]: Started LSB: Apache2 web server.

I tried testing the connection with curl:

vagrant@vag:/$ hostname -I
10.0.2.15 192.168.33.15

vagrant@vag:/$ curl -V
curl 7.47.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP UnixSockets

vagrant@vag:/$ curl -v --cacert ./home/vagrant/cert/rootCA.pem --resolve w2.local:443:10.0.2.15 https://w2.local/
* Added w2.local:443:10.0.2.15 to DNS cache
* Hostname w2.local was found in DNS cache
*   Trying 10.0.2.15...
* Connected to w2.local (10.0.2.15) port 443 (#0)
* found 1 certificates in ./home/vagrant/cert/rootCA.pem
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: An unexpected TLS packet was received.
* Closing connection 0
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.

vagrant@vag:/$ curl -v --cacert ./home/vagrant/cert/rootCA.pem --resolve w2.local:443:192.168.33.15 https://w2.local/
* Added w2.local:443:192.168.33.15 to DNS cache
* Hostname w2.local was found in DNS cache
*   Trying 192.168.33.15...
* Connected to w2.local (192.168.33.15) port 443 (#0)
* found 1 certificates in ./home/vagrant/cert/rootCA.pem
* found 594 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* gnutls_handshake() failed: An unexpected TLS packet was received.
* Closing connection 0
curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received.

What else should I check to resolve this issue?

1 Answer

I was using vagrant and sternpunkt/jimmybox. In previous versions, there was a problem with ssl. Version 3.0.1 works.

Answered 2020-05-21T06:43:33.423
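
One further check for the errors in the question, as an added example that is not part of the original question or answer: send a cleartext HTTP request to port 443 and classify what comes back. A client expecting TLS reads the first five bytes of a plaintext `HTTP/` reply as a record header whose length field is over the protocol maximum, which is the usual source of a "record too long" error. The function names and sample replies are constructed for illustration; the 400 text is the message Apache's mod_ssl returns to cleartext requests.

```python
import socket
import struct

MAX_TLS_RECORD = 2**14 + 2048  # largest ciphertext record length TLS 1.2 allows
APACHE_HINT = b"speaking plain HTTP to an SSL-enabled server port"  # mod_ssl's 400 page

def parse_record_header(data: bytes):
    """Read the first 5 bytes the way a TLS client does: type, version, length."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length

def classify_reply(data: bytes) -> str:
    """Classify what a server sent back after a plain HTTP request on a TLS port."""
    if len(data) < 5:
        return "no-data"
    if data.startswith(b"HTTP/"):
        # mod_ssl answers cleartext requests with a 400 that names the problem;
        # any other HTTP reply means this port is not doing TLS at all.
        return "tls-enabled" if APACHE_HINT in data else "plaintext-http"
    ctype, (major, _), length = parse_record_header(data)
    if ctype in (0x15, 0x16) and major == 3 and length <= MAX_TLS_RECORD:
        return "tls-record"  # alert or handshake record
    return "unknown"

def probe(ip: str, port: int = 443, host: str = "w2.local") -> str:
    """Send a cleartext HTTP request to ip:port and classify the reply."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    with socket.create_connection((ip, port), timeout=5) as sock:
        sock.sendall(request)
        return classify_reply(sock.recv(4096))

# Constructed sample replies (not captured from the asker's machine).
SAMPLE_PLAIN = b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n<html>index</html>"
SAMPLE_MODSSL = b"HTTP/1.1 400 Bad Request\r\n\r\nReason: You're " + APACHE_HINT + b"."
SAMPLE_ALERT = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x46])

if __name__ == "__main__":
    # "HTTP/" read as a record header claims a record longer than the maximum.
    print(parse_record_header(SAMPLE_PLAIN), MAX_TLS_RECORD)
    for sample in (SAMPLE_PLAIN, SAMPLE_MODSSL, SAMPLE_ALERT):
        print(classify_reply(sample))
```

A `plaintext-http` result from `probe("192.168.33.15")` means whatever answers on port 443 is not running with `SSLEngine on`; `apache2ctl -S` lists which virtual host Apache maps to each address and port.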