无法在 Centos 7 apache2 上安装 Comodo SSL 证书
Can`t install Comodo SSL certificate on Centos7 apache2
我购买了Comodo PositiveSSL。现在我有 certificate.key 和包含 4 个文件的 zip-archive。
AddTrustExternalCARoot.crt,
COMODORSADomainValidationSecureServerCA.crt,
COMODORSAAddTrustCA.crt,
my_domain_ru.crt
首先我读到我必须将这些文件加入一个 mySite.ca-build.
cat my_site_ru.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mySite.ca-bundle
其次,我将那里的文件保存到 /usr/local/ssl/my_site/.
那我去
/etc/httpd/conf.d/my_site_ru.conf
并添加了这个
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
但在
之后
systemctl restart httpd
我遇到了一个错误
Bad Request Your browser sent a request that this server could not
understand. Reason: You're speaking plain HTTP to an SSL-enabled
server port. Instead use the HTTPS scheme to access this URL, please.
如果我尝试用 https://my_domain.ru 打开我的网站,我会看到下一个
Connection is not secure
您在端口 80 上启用了 SSL 配置,预计非 ssl 配置。
您必须有两个 apache 配置:一个用于端口 80,您将没有 SSL 指令,另一个用于端口 443,您将打开 SSL。
简单示例:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>
我购买了Comodo PositiveSSL。现在我有 certificate.key 和包含 4 个文件的 zip-archive。
AddTrustExternalCARoot.crt,
COMODORSADomainValidationSecureServerCA.crt,
COMODORSAAddTrustCA.crt,
my_domain_ru.crt
首先我读到我必须将这些文件加入一个 mySite.ca-build.
cat my_site_ru.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > mySite.ca-bundle
其次,我将那里的文件保存到 /usr/local/ssl/my_site/.
那我去
/etc/httpd/conf.d/my_site_ru.conf
并添加了这个
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
但在
之后systemctl restart httpd
我遇到了一个错误
Bad Request Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
如果我尝试用 https://my_domain.ru 打开我的网站,我会看到下一个
Connection is not secure
您在端口 80 上启用了 SSL 配置,预计非 ssl 配置。
您必须有两个 apache 配置:一个用于端口 80,您将没有 SSL 指令,另一个用于端口 443,您将打开 SSL。
简单示例:
<VirtualHost IP_Address:80>
...Some configurations here...
</VirtualHost>
<VirtualHost IP_Address:443>
SSLEngine On
SSLCertificateFile /usr/local/ssl/my_site/my_site_ru.crt
SSLCertificateKeyFile /usr/local/ssl/my_site/certificate.key
SSLCertificateChainFile /usr/local/ssl/my_site/mySite.ca-bundle
... another configuration, such as ServerName, DocumentRoot, etc. ...
</VirtualHost>