SSL secure server wildcard setup (httpd.conf configuration)
Author: 미친새 | Posted: 20-02-21 11:35
Apache & VirtualHost SSL with a wildcard or multiple-site server certificate
Apache (1.3, 2.0 or 2.2) requires advanced settings in order to run SSL with several site names, whether with a wildcard or with a multiple-site certificate. This configuration is not clearly explained in the official documentation.
Ports listening
You need to indicate which IP address and which port the server has to listen on. The name-based virtual host has to be declared as well. Enter the same address and port in both directives. Example:
Listen 213.186.35.102:443
NameVirtualHost 213.186.35.102:443
If you are IPv6-compatible:
Listen [2001:41D0:1:266::1]:443
NameVirtualHost [2001:41D0:1:266::1]:443
Sites declaration
You can declare as many sites as you want to. First of all, use the VirtualHost declaration:
<VirtualHost 213.186.35.102:443 >
or, with IPv6:
<VirtualHost 213.186.35.102:443 [2001:41D0:1:266::1]:443 >
Inside, place the ServerName directive, which identifies the site's name, and one or several ServerAlias directives.
Finally, enter the SSL instructions:
SSLEngine on
SSLCertificateFile conf/ssl.crt/cert-1138-8747.cer
SSLCertificateKeyFile conf/ssl.key/wild.cert.com.2006.key
SSLCertificateChainFile conf/ssl.crt/chain-1138-8747.txt
SSLVerifyClient none
Then add the other VirtualHost instructions.
You can then define as many VirtualHost blocks as needed.
Example of a minimum configuration
<VirtualHost _default_:443>
DocumentRoot /var/www/html
ErrorLog logs/ssl-error_log
TransferLog logs/ssl-access_log
SSLEngine on
# 128-bit mini anti-beast
#SSLCipherSuite !ADH:!DSS:!RC2:RC4-SHA:RC4-MD5:HIGH:MEDIUM:+AES128:+3DES
# 128-bit mini PFS favored
#SSLCipherSuite !ADH:!DSS:!RC2:HIGH:MEDIUM:+3DES:+RC4
# 128-bit maximal security
SSLCipherSuite !ADH:!DSS:!RC4:HIGH:+3DES
SSLProtocol all -SSLv2 -SSLv3
# apache 2.1+ (comments must be on their own line, not after a directive)
SSLHonorCipherOrder on
SSLCertificateFile conf/ssl/cert-0000000000-12983.cer
SSLCertificateKeyFile conf/ssl/multisite.key
SSLCertificateChainFile conf/ssl/chain-0000000000-12983.txt
</VirtualHost>
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot /home/site1/public_html
ServerName gestion.site1.fr
ServerAlias v8.site1.fr cyber.site1.fr
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /home/site2/public_html
ServerName gestcom.site2.fr
ServerAlias commercial.site2.fr prospect.site2.fr
</VirtualHost>
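A check worth running before reloading Apache with this kind of setup, added here as an example (it is not part of the original article): it collects every ServerName and ServerAlias from the configuration and reports the names that the certificate's subjectAltName entries do not cover, applying the rule that a wildcard stands for exactly one leftmost label. The configuration text and the SAN list are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed sample config, modelled on the two name-based vhosts above.
SAMPLE_CONF = """\
<VirtualHost *:443>
ServerName gestion.site1.fr
ServerAlias v8.site1.fr cyber.site1.fr site1.fr
</VirtualHost>
<VirtualHost *:443>
ServerName gestcom.site2.fr
ServerAlias commercial.site2.fr prospect.site2.fr
</VirtualHost>
"""
# Constructed SAN list (assumption): names a multiple-site certificate might carry.
SAMPLE_SANS = ["*.site1.fr", "gestcom.site2.fr", "commercial.site2.fr"]


def vhost_names(conf):
    """Return every ServerName/ServerAlias argument in file order (bare host names assumed)."""
    names = []
    for line in conf.splitlines():
        m = re.match(r"(ServerName|ServerAlias)\s+(.+)$", line.strip(), re.I)
        if m:
            names.extend(m.group(2).split())  # Apache separates names by whitespace
    return names


def san_matches(san, host):
    """'*' is honoured only as the whole leftmost label and covers exactly one label."""
    san_labels = san.lower().split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False  # '*.site1.fr' covers neither 'site1.fr' nor 'a.b.site1.fr'
    if san_labels[0] == "*":
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(conf, sans):
    """Names declared in the config that no certificate SAN covers."""
    return [n for n in vhost_names(conf) if not any(san_matches(s, n) for s in sans)]


if __name__ == "__main__":
    for name in uncovered(SAMPLE_CONF, SAMPLE_SANS):
        print("not covered by certificate:", name)
```

In practice the SAN list would come from the installed certificate, for example the output of `openssl x509 -in <cert> -noout -text`.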