在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)-问答-阿里云开发者社区-阿里云

开发者社区> 问答> 正文

在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)

dongshan8 2017-01-05 13:13:50 28740
云友提问,想为 phpstudy 套件里的 apache 配置SSL证书安全访问。

环境:Windows 2008 32位系统 , phpstudy 2016(apache 2.4)

过程:

1. 下载,解压,初始化好 phpstudy
[attachment=119262]


2. 将下载好的证书放到apache目录下,如我将yun.anqun.org的SSL证书保存在apache/conf/ssl/yun里
[attachment=119263]


3. 通过phpstudy的管理菜单,编辑 httpd.conf 配置文件,将约在489行的,关于ssl配置的文件启用;
Include conf/extra/httpd-ssl.conf
[attachment=119264]


4. 编辑 httpd-ssl.conf 文件,按实际情况配置虚拟主机的ssl内容,如本例里的 yun.anqun.org 及 portal.anqun.org 的简要配置内容如下:
##
## SSL Virtual Host Context
##
<VirtualHost *:443>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

        SSLCertificateFile      "D:\phpStudy\Apache\conf\ssl\yun\213949634960268.pem"
        SSLCertificateKeyFile   "D:\phpStudy\Apache\conf\ssl\yun\213949634960268.key"

        ServerName      "yun.anqun.org"
        DocumentRoot    "C:\www\yun.anqun.org"
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

        SSLCertificateFile      "D:\phpStudy\Apache\conf\ssl\portal\213466734260268.pem"
        SSLCertificateKeyFile   "D:\phpStudy\Apache\conf\ssl\portal\213466734260268.key"

        ServerName      "portal.anqun.org"
        DocumentRoot    "C:\www\portal.anqun.org"
</VirtualHost>

[attachment=119265]



5. 保存配置文件后,重启apache,在火狐浏览器里测试访问,显示结果正常
[attachment=119266]



[attachment=119267]


参考: https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

系统不同配置 Windows 2008系统不同 系统apache不同 系统apache不同配置 Windows系统PHP.INI
分享到
取消 提交回答
全部回答(37)
  • hiki1987
    2019-01-25 16:51:15
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    楼主,我18年10份按照您的帖子设置好了。但是现在重新申请apache证书是 3个文件,也是赛门铁克免费证书。 现在变成3个文件后不知道怎么配置了,之前的因为挂着业务,也就不敢动。

    0 0
  • zuiyu2018
    2018-08-04 16:14:53
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    谢谢分享!!!
    0 0
  • 罗罗亚
    2018-07-17 18:34:10
    回 164楼cvwif的帖子
    最后你怎么处理的  我也遇到同样的问题了    还有就是之前也设置过一些什么跳转功能   这些规则要放在前面还是后面
    0 0
  • 开心农场
    2018-07-07 12:00:07
    回 8楼dongshan8的帖子
    这个操作之后是可以正常启动了,但是打开HTTPS之后还是空白的,HTTP正常
    0 0
  • cvwif
    2018-06-06 09:54:44
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    您好,麻烦问一下,我用的是phpstudy2016,按照帖里面的方法配置后,网址里面必须要输入https才能访问,直接输入网址却不能自动跳转https,请问一下这个是什么问题呢

    -------------------------

    回 159楼dongshan8的帖子
    您说的这个方法我也试过,只是,我在ubuntu系统里面配置ssl的时候不需要修改.htaccess,在win系统却需要

    -------------------------

    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    不行这两个方法都试过,都不行

    -------------------------

    回 163楼dongshan8的帖子
    我想我知道应该怎么设置这个规则了,谢谢您的帮助,衷心的感谢

    -------------------------

    回 167楼dongshan8的帖子
    不好意思现在才回复,我之前测试的时候在https-vhosts.conf文件里面加
    <VirtualHost *:80>
    ServerAdmin 域名
    ServerName 域名
    DocumentRoot "C:\phpStudy\PHPTutorial\WWW\myshop\public"
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)?$ aa://%{SERVER_NAME}/$1 [L,R]
    </VirtualHost>
    上面的aa是https
    然后引入Include conf/extra/httpd-vhosts.conf
    其它的配置基本一样
    重启了之后就可以自动跳转https
    但是有个问题是,域名后面多了一条斜杠,搞了很久,最终放弃了windows系统改成了ubuntu系统
    0 0
  • 1vjsakj
    2018-04-26 17:16:39
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    你好,麻烦想请问一下,我是用wamp的Apache。我按照帖中的方法进行尝试了,但是Apache启动不起来。运行了一下httpd.exe。出现
    C:\>C:\wamp\bin\apache\apache2.4.23\bin\httpd.exe
    httpd.exe: Syntax error on line 184 of C:/wamp/bin/apache/apache2.4.23/conf/http
    d.conf: Cannot load modules/mod_ssl.so into server: \xd5\xd2\xb2\xbb\xb5\xbd\xd6
    \xb8\xb6\xa8\xb5\xc4\xc4\xa3\xbf\xe9\xa1\xa3
    请问老师怎么解决
    0 0
  • 火星123
    2018-01-25 10:50:44
    非常实用 赞赞

    -------------------------

    0 0
  • 起风的森林
    2018-01-02 15:55:26
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    按照你说的配置,都启动了,但是无法访问,求解决,很着急

    -------------------------

    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    楼主,在线等,求救,急救

    -------------------------

    回 147楼dongshan8的帖子
    版主怎么能给您私信,实在出于困难,很着急

    -------------------------

    回 146楼起风的森林的帖子
    哥,有别的交流方式么,我所属的用户组不能发消息

    -------------------------

    回 147楼dongshan8的帖子
    哥,有别的交流方式么,我所属的用户组不能发消息

    -------------------------

    回 147楼dongshan8的帖子
    哥,有别的交流方式么,我所属的用户组不能发消息

    -------------------------

    回 147楼dongshan8的帖子
    哥,有别的交流方式么,我所属的用户组不能发消息,没有权限
    0 0
  • zjzl85
    2017-12-18 18:57:14
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    哥,您好。我想问下阿里云有两个服务 个"A " 一个"B"  我把A的域名解析到B服务器 并且A服务的域名有证书。按照你上面的操作Apache启动不了


    -------------------------

    回 135楼dongshan8的帖子
    不是这个意思,我的意思是,我有两个ECC服务器,A服务器有域名、B服务没有域名。我把A服务的域名解析到了B服务器并且有证书。然后就是
    apache启动失败,

    -------------------------

    回 137楼dongshan8的帖子
    哥:错误日志都没有更新,看不出是啥情况

    -------------------------

    Re回 139楼dongshan8的帖子
    哥:太麻烦您了,现在是这种情况

    -------------------------

    Re回 139楼dongshan8的帖子
    [font=PingFangSC, "]哥:我把 httpd-ssl.conf 文件上传您帮我看下

    -------------------------

    Re回 142楼dongshan8的帖子
    哥:这个怎么破,脑袋都整疼了
    0 0
  • wylove
    2017-12-13 12:23:20
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    你好。版主。在phpstudy下已经给主域名配置了SSL证书,已成功。又申请了一个SSL证书。针对主域名下的二级域名配置。按第一个操作后, apache就启动不了。麻烦你看下。谢谢。

    -------------------------

    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)


    你好版主 ,我查看了这个设置。如果再增加一个就有问题,Apache就不工作了,删除二级域名,就没问题。
    0 0
  • 林吊吊
    2017-12-08 15:02:01
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    我只要开启  Include conf/extra/httpd-ssl.conf  这个后 apache就启动不了。
    按照改了还是启动不了apache
    帮忙看下附件的配置,有没有问题
    0 0
  • 无限空间2
    2017-12-07 18:25:14
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    您好,我看了别人apache也是启动不了我也遇到了相同问题,而且我的配置都是正确的,我就莫名其妙了。哪里出现问题了?能否告知一下?
    0 0
  • 飞扬大表哥
    2017-11-11 21:01:25
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    手动登录表示感谢
    0 0
  • 感觉2017
    2017-10-23 08:44:07
    回 3楼dongshan8的帖子
    版主,能否帮我测试下护卫神·Apache大师配置HTTPS,我申请的是阿里云的证书,按教程一步步配置,Apache就是启动不了,你能看看吗,最后直接测试好,弄个代码上去,我复制过来改下最好了,我是菜鸟级别,有些不懂
    0 0
  • aaaaa11123
    2017-10-12 16:07:13
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    大神在吗  
    #LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件)
    #Include conf/extra/httpd-ssl.conf
    这两句话的#我已经去掉了

    -------------------------

    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    接87楼
    <VirtualHost *:443>
    # 添加 SSL 协议支持协议,去掉不安全的协议
    SSLProtocol all -SSLv2 -SSLv3
    # 修改加密套件如下
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLHonorCipherOrder on
    # 证书公钥配置
    SSLCertificateFile conf/ssl/cert/public.pem
    # 证书私钥配置
    SSLCertificateKeyFile conf/ssl/cert/214277396730467.key
    # 证书链配置,如果该属性开头有 '#'字符,请删除掉
    SSLCertificateChainFile conf/ssl/cert/chain.pem
    </VirtualHost>
    ##
    ## SSL Virtual Host Context
    ##
    #<VirtualHost *:443>
    #        SSLEngine on
    #        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    #        SSLCertificateFile      "D:\phpStudy\Apache\conf\ssl\cert\214277396730467.pem"
    #        SSLCertificateKeyFile   "D:\phpStudy\Apache\conf\ssl\cert\214277396730467.key"
    #        ServerName      "www.网址.cn"
    #        DocumentRoot    "D:\shengyuanV19"
    #</VirtualHost>


    已经启动了,但是https的网址打不开,http可以

    -------------------------

    回 89楼dongshan8的帖子
    您好,
    我88楼发的第一部分是根据阿里云提示操作的,第二部分是按你的提示操作,这两个办法都试过了

    -------------------------

    回 89楼dongshan8的帖子
    在线等  谢谢

    -------------------------

    Re回 92楼dongshan8的帖子


    第一个域名端口是443,其他都是80

    -------------------------

    Re回 93楼aaaaa11123的帖子

    -------------------------

    Re回 94楼aaaaa11123的帖子

    -------------------------

    回 96楼dongshan8的帖子
    tcp 0.0.0.0.443 0.0.0.0.0 listening 3792

    -------------------------

    回 92楼dongshan8的帖子
    [Thu Oct 12 20:54:05.187500 2017] [core:error] [pid 2472:tid 1672] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:53194] AH00127: Cannot map GET /'%22/></script><script>alert()</script> HTTP/1.1 to file, referer: 域名/
    [Thu Oct 12 20:54:51.796875 2017] [core:error] [pid 2472:tid 1672] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:16085] AH00127: Cannot map GET /'%22/></script><script>alert()</script>/?.tmp=t HTTP/1.1 to file, referer: 域名/
    [Thu Oct 12 20:56:58.562500 2017] [core:error] [pid 2472:tid 1668] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:56444] AH00127: Cannot map GET /'%22+onmouseover=alert()+d='%22 HTTP/1.1 to file, referer: http://yunying.shanxiwap.cn/
    [Thu Oct 12 20:57:02.781250 2017] [core:error] [pid 2472:tid 1668] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:56444] AH00127: Cannot map GET /%27%22%20onmouseover%3Dalert%28%29%20d%3D%27%22 HTTP/1.1 to file, referer: http://yunying.shanxiwap.cn/
    [Thu Oct 12 20:57:06.234375 2017] [core:error] [pid 2472:tid 1676] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:57298] AH00127: Cannot map GET /'%22+onmouseover=alert()+d='%22/?.tmp=t HTTP/1.1 to file, referer: 域名/
    [Thu Oct 12 20:57:08.390625 2017] [core:error] [pid 2472:tid 1676] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:57298] AH00127: Cannot map GET /%27%22%20onmouseover%3Dalert%28%29%20d%3D%27%22/?.tmp=t HTTP/1.1 to file, referer: http://yunying.shanxiwap.cn/
    [Thu Oct 12 20:57:12.562500 2017] [core:error] [pid 2472:tid 1676] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:57298] AH00127: Cannot map GET /'%22/></script><script>alert()</script> HTTP/1.1 to file, referer: http://yunying.shanxiwap.cn/
    [Thu Oct 12 20:57:20.156250 2017] [core:error] [pid 2472:tid 1676] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:57298] AH00127: Cannot map GET /'%22/></script><script>alert()</script>/?.tmp=t HTTP/1.1 to file, referer: 域名/
    [Thu Oct 12 20:57:35.578125 2017] [core:error] [pid 2472:tid 1672] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:7717] AH00127: Cannot map GET /'%22+onmouseover=alert()+d='%22 HTTP/1.1 to file, referer: 域名/
    [Thu Oct 12 20:57:36.093750 2017] [core:error] [pid 2472:tid 1672] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:7717] AH00127: Cannot map GET /%27%22%20onmouseover%3Dalert%28%29%20d%3D%27%22 HTTP/1.1 to file, referer: 域名/
    [Thu Oct 12 20:57:37.078125 2017] [core:error] [pid 2472:tid 1672] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:7717] AH00127: Cannot map GET /'%22+onmouseover=alert()+d='%22/?.tmp=t HTTP/1.1 to file, referer: http://shanxiwap.cn/
    [Thu Oct 12 20:57:37.562500 2017] [core:error] [pid 2472:tid 1672] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:7717] AH00127: Cannot map GET /%27%22%20onmouseover%3Dalert%28%29%20d%3D%27%22/?.tmp=t HTTP/1.1 to file, referer: 域名/
    [Thu Oct 12 20:57:38.562500 2017] [core:error] [pid 2472:tid 1672] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:7717] AH00127: Cannot map GET /'%22/></script><script>alert()</script> HTTP/1.1 to file, referer: 域名/
    [Thu Oct 12 20:57:40.093750 2017] [core:error] [pid 2472:tid 1672] (20024)The given path is misformatted or contained invalid characters: [client 140.205.225.185:7717] AH00127: Cannot map GET /'%22/></script><script>alert()</script>/?.tmp=t HTTP/1.1 to file, referer: 域名/

    -------------------------

    回 98楼aaaaa11123的帖子
    [Fri Oct 13 10:22:44.062500 2017] [mpm_winnt:notice] [pid 1480:tid 464] AH00455: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb mod_fcgid/2.3.9 configured -- resuming normal operations
    [Fri Oct 13 10:22:44.062500 2017] [mpm_winnt:notice] [pid 1480:tid 464] AH00456: Apache Lounge VC9 Server built: Jul 19 2014 13:20:51
    [Fri Oct 13 10:22:44.062500 2017] [core:notice] [pid 1480:tid 464] AH00094: Command line: 'D:\\phpStudy\\Apache\\bin\\httpd.exe -d D:/phpStudy/Apache'
    [Fri Oct 13 10:22:44.078125 2017] [mpm_winnt:notice] [pid 1480:tid 464] AH00418: Parent: Created child process 3068
    [Fri Oct 13 10:22:44.609375 2017] [mpm_winnt:notice] [pid 3068:tid 656] AH00354: Child: Starting 150 worker threads.
    [Fri Oct 13 10:23:49.156250 2017] [mpm_winnt:crit] [pid 3068:tid 656] AH02538: Child: Parent process exited abruptly. Child process is ending
    Starting the Apache2a service
    The Apache2a service is running.
    [core:warn] [pid 2096:tid 464] AH00098: pid file D:/phpStudy/Apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
    [Fri Oct 13 10:23:50.921875 2017] [mpm_winnt:notice] [pid 2096:tid 464] AH00455: Apache/2.4.10 (Win32) OpenSSL/0.9.8zb mod_fcgid/2.3.9 configured -- resuming normal operations
    [Fri Oct 13 10:23:50.921875 2017] [mpm_winnt:notice] [pid 2096:tid 464] AH00456: Apache Lounge VC9 Server built: Jul 19 2014 13:20:51
    [Fri Oct 13 10:23:50.921875 2017] [core:notice] [pid 2096:tid 464] AH00094: Command line: 'D:\\phpStudy\\Apache\\bin\\httpd.exe -d D:/phpStudy/Apache'
    [Fri Oct 13 10:23:50.921875 2017] [mpm_winnt:notice] [pid 2096:tid 464] AH00418: Parent: Created child process 4976
    [Fri Oct 13 10:23:51.437500 2017] [mpm_winnt:notice] [pid 4976:tid 656] AH00354: Child: Starting 150 worker threads.

    -------------------------

    回 100楼dongshan8的帖子
    <VirtualHost _default_:9096>
    DocumentRoot "D:\phpStudy\WWW"
      <Directory "D:\phpStudy\WWW">
        Options +Indexes +FollowSymLinks +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
      </Directory>
    </VirtualHost>


    <VirtualHost *:443>
        DocumentRoot "D:\shengyuanV19"
        ServerName www.域名1.cn
        ServerAlias
      <Directory "D:\shengyuanV19">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "D:\shengyuanV19"
        ServerName 域名2.cn
        ServerAlias
      <Directory "D:\shengyuanV19">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "D:\shengyuanV19"
        ServerName wx.域名3.cn
        ServerAlias
      <Directory "D:\shengyuanV19">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "D:\msf\weimi"
        ServerName weixin.域名4.cn
        ServerAlias
      <Directory "D:\msf\weimi">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "D:\msf\site"
        ServerName site.域名5.net
        ServerAlias
      <Directory "D:\msf\site">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "D:\msf\case"
        ServerName case.域名6.net
        ServerAlias
      <Directory "D:\msf\case">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "D:\msf\Editor\wwwroot"
        ServerName e.域名7.cn
        ServerAlias
      <Directory "D:\msf\Editor\wwwroot">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>

    <VirtualHost *:80>
        DocumentRoot "D:\yunying\qyws"
        ServerName yunying.域名8.cn
        ServerAlias www.sxqyws.net
      <Directory "D:\yunying\qyws">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>


    域名1就是我要加https的网站,在线等,好人一生平安

    -------------------------

    回 101楼aaaaa11123的帖子
    #
    # This is the Apache server configuration file providing SSL support.
    # It contains the configuration directives to instruct the server how to
    # serve pages over an https connection. For detailed information about these
    # directives see <URL:http://httpd.apache.org/docs/trunk/mod/mod_ssl.html>
    #
    # Do NOT simply read the instructions in here without understanding
    # what they do.  They're here only as hints or reminders.  If you are unsure
    # consult the online docs. You have been warned.  
    #

    #
    # Pseudo Random Number Generator (PRNG):
    # Configure one or more sources to seed the PRNG of the SSL library.
    # The seed data should be of good random quality.
    # WARNING! On some platforms /dev/random blocks if not enough entropy
    # is available. This means you then cannot use the /dev/random device
    # because it would lead to very long connection times (as long as
    # it requires to make more entropy available). But usually those
    # platforms additionally provide a /dev/urandom device which doesn't
    # block. So, if available, use this one instead. Read the mod_ssl User
    # Manual for more details.
    #
    #SSLRandomSeed startup file:/dev/random  512
    #SSLRandomSeed startup file:/dev/urandom 512
    #SSLRandomSeed connect file:/dev/random  512
    #SSLRandomSeed connect file:/dev/urandom 512


    #
    # When we also provide SSL we have to listen to the
    # standard HTTP port (see above) and to the HTTPS port
    #
    # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
    #       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
    #
    Listen 443

    ##
    ##  SSL Global Context
    ##
    ##  All SSL configuration in this context applies both to
    ##  the main server and all SSL-enabled virtual hosts.
    ##

    #   Pass Phrase Dialog:
    #   Configure the pass phrase gathering process.
    #   The filtering dialog program (`builtin' is a internal
    #   terminal dialog) has to provide the pass phrase on stdout.
    SSLPassPhraseDialog  builtin

    #   Inter-Process Session Cache:
    #   Configure the SSL Session Cache: First the mechanism
    #   to use and second the expiring timeout (in seconds).
    #SSLSessionCache         "dbm:/Apache24/logs/ssl_scache"
    SSLSessionCache        "shmcb:/Apache24/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout  300

    <VirtualHost *:443>
    # 添加 SSL 协议支持协议,去掉不安全的协议
    SSLProtocol all -SSLv2 -SSLv3
    # 修改加密套件如下
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLHonorCipherOrder on
    # 证书公钥配置
    SSLCertificateFile conf/ssl/cert/public.pem
    # 证书私钥配置
    SSLCertificateKeyFile conf/ssl/cert/214277396730467.key
    # 证书链配置,如果该属性开头有 '#'字符,请删除掉
    SSLCertificateChainFile conf/ssl/cert/chain.pem
    </VirtualHost>
    ##
    ## SSL Virtual Host Context
    ##
    #<VirtualHost *:443>
    #        SSLEngine on
    #        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    #        SSLCertificateFile      "D:\phpStudy\Apache\conf\ssl\cert\214277396730467.pem"
    #        SSLCertificateKeyFile   "D:\phpStudy\Apache\conf\ssl\cert\214277396730467.key"
    #        ServerName      "www.shanxiwap.cn"
    #        DocumentRoot    "D:\shengyuanV19"
    #</VirtualHost>
    这段是httpd-ssl.conf的配置







                                      

    -------------------------

    回 103楼dongshan8的帖子
    您好,我已将vhost.conf的注释如下:
    #<VirtualHost *:443>
    #    DocumentRoot "D:\shengyuanV19"
    #    ServerName 我的域名
    #    ServerAlias
    #  <Directory "D:\shengyuanV19">
    #      Options FollowSymLinks ExecCGI
    #      AllowOverride All
    #      Order allow,deny
    #      Allow from all
    #      Require all granted
    #  </Directory>
    #</VirtualHost>

    以下是httpd-ssl.conf的配置

    #
    # This is the Apache server configuration file providing SSL support.
    # It contains the configuration directives to instruct the server how to
    # serve pages over an https connection. For detailed information about these
    # directives see <URL:http://httpd.apache.org/docs/trunk/mod/mod_ssl.html>
    #
    # Do NOT simply read the instructions in here without understanding
    # what they do.  They're here only as hints or reminders.  If you are unsure
    # consult the online docs. You have been warned.  
    #

    #
    # Pseudo Random Number Generator (PRNG):
    # Configure one or more sources to seed the PRNG of the SSL library.
    # The seed data should be of good random quality.
    # WARNING! On some platforms /dev/random blocks if not enough entropy
    # is available. This means you then cannot use the /dev/random device
    # because it would lead to very long connection times (as long as
    # it requires to make more entropy available). But usually those
    # platforms additionally provide a /dev/urandom device which doesn't
    # block. So, if available, use this one instead. Read the mod_ssl User
    # Manual for more details.
    #
    #SSLRandomSeed startup file:/dev/random  512
    #SSLRandomSeed startup file:/dev/urandom 512
    #SSLRandomSeed connect file:/dev/random  512
    #SSLRandomSeed connect file:/dev/urandom 512


    #
    # When we also provide SSL we have to listen to the
    # standard HTTP port (see above) and to the HTTPS port
    #
    # Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
    #       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
    #
    Listen 443

    ##
    ##  SSL Global Context
    ##
    ##  All SSL configuration in this context applies both to
    ##  the main server and all SSL-enabled virtual hosts.
    ##

    #   Pass Phrase Dialog:
    #   Configure the pass phrase gathering process.
    #   The filtering dialog program (`builtin' is a internal
    #   terminal dialog) has to provide the pass phrase on stdout.
    SSLPassPhraseDialog  builtin

    #   Inter-Process Session Cache:
    #   Configure the SSL Session Cache: First the mechanism
    #   to use and second the expiring timeout (in seconds).
    #SSLSessionCache         "dbm:/Apache24/logs/ssl_scache"
    SSLSessionCache        "shmcb:/Apache24/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout  300

    #<VirtualHost *:443>
    # 添加 SSL 协议支持协议,去掉不安全的协议
    # SSLProtocol all -SSLv2 -SSLv3
    # 修改加密套件如下
    # SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    # SSLHonorCipherOrder on
    # 证书公钥配置
    # SSLCertificateFile conf/ssl/cert/public.pem
    # 证书私钥配置
    # SSLCertificateKeyFile conf/ssl/cert/214277396730467.key
    # 证书链配置,如果该属性开头有 '#'字符,请删除掉
    # SSLCertificateChainFile conf/ssl/cert/chain.pem
    #</VirtualHost>
    ##
    ## SSL Virtual Host Context
    ##
    #<VirtualHost *:443>
    #        SSLEngine on
    #        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    #        SSLCertificateFile      "D:\phpStudy\Apache\conf\ssl\cert\214277396730467.pem"
    #        SSLCertificateKeyFile   "D:\phpStudy\Apache\conf\ssl\cert\214277396730467.key"
    #        ServerName      "www.shanxiwap.cn"
    #        DocumentRoot    "D:\shengyuanV19"
    #</VirtualHost>

    <VirtualHost *:443>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
        SSLCertificateFile      "D:\phpStudy\Apache\conf\ssl\cert\214277396730467.pem"
        SSLCertificateKeyFile   "D:\phpStudy\Apache\conf\ssl\cert\214277396730467.key"
        DocumentRoot "D:\shengyuanV19"
        ServerName "我的域名"
        ServerAlias
      <Directory "D:\shengyuanV19">
          Options FollowSymLinks ExecCGI
          AllowOverride All
          Order allow,deny
          Allow from all
          Require all granted
      </Directory>
    </VirtualHost>                        

    -------------------------

    回 103楼dongshan8的帖子
    您好,vhost.conf里有8个域名,其中前三个是绑定的一个路径,第一个是主域名(加https) 第二个是不带www的主域名,第三个是二级域名

    我刚才注释的vhost.conf是
    #<VirtualHost *:443>
    #    DocumentRoot "D:\shengyuanV19"
    #    ServerName 主域名
    #    ServerAlias
    #  <Directory "D:\shengyuanV19">
    #      Options FollowSymLinks ExecCGI
    #      AllowOverride All
    #      Order allow,deny
    #      Allow from all
    #      Require all granted
    #  </Directory>
    #</VirtualHost>

    第二个第三个没有动

    -------------------------

    回 103楼dongshan8的帖子
    方便的话  加个qq您远程控制我的桌面看看  1003521946   谢谢

    -------------------------

    回 107楼dongshan8的帖子
    还是只能访问http站点

    -------------------------

    回 109楼dongshan8的帖子
    现在可以在ecs服务器可以打开https网址了,  在本地访问不可以

    -------------------------

    回 112楼dongshan8的帖子
    老师你好:
    我在公网入方向添加自定义443  0.0.0.0/0  
    还是不行

    -------------------------

    Re回 114楼dongshan8的帖子
    老师您看看

    -------------------------

    Re回 116楼dongshan8的帖子
    防火墙也关的了

    -------------------------

    Re回 116楼dongshan8的帖子
    服务器进程图

    -------------------------

    回 119楼dongshan8的帖子
    在服务器  用https://域名和https://ip都可以打开
    0 0
  • 呵呵啦啦
    2017-09-28 11:17:56
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    为什么,按照你说的,都做了一遍,apache还是不启动呢?!???哭了
    0 0
  • 大树先生van
    2017-09-22 23:54:18
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    大半夜专门注册,花了5分钟去注册维护资料,然后来回复您的。


    ————
    网上一大堆教程,都不行, 按照您的思路之前也不可以, 后面是看了有个评论,我跟他的情况一样。故而一下子解决了我的问题,就是删除掉那一段代码。


    弄了一个下午终于弄好了,非常感谢您, 您带给了别人更多的能量与知识
    0 0
  • boss_2016
    2017-09-21 10:34:24
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    我的apache也无法启动,下面是日志

    [Wed Sep 20 15:31:11.095847 2017] [suexec:notice] [pid 20783] AH01232: suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Wed Sep 20 15:31:11.110011 2017] [ssl:warn] [pid 20784] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
    [Wed Sep 20 15:31:11.110071 2017] [http2:warn] [pid 20784] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
    [Wed Sep 20 15:31:11.113493 2017] [mpm_prefork:notice] [pid 20784] AH00163: Apache/2.4.27 (Unix) OpenSSL/1.0.2l configured -- resuming normal operations
    [Wed Sep 20 15:31:11.113537 2017] [core:notice] [pid 20784] AH00094: Command line: '/usr/local/apache/bin/httpd'
    [Wed Sep 20 15:42:11.172820 2017] [mpm_prefork:notice] [pid 20784] AH00173: SIGHUP received.  Attempting to restart
    [Wed Sep 20 15:42:11.215499 2017] [ssl:warn] [pid 20784] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
    [Wed Sep 20 15:42:11.215547 2017] [http2:warn] [pid 20784] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
    [Wed Sep 20 15:42:11.218809 2017] [mpm_prefork:notice] [pid 20784] AH00163: Apache/2.4.27 (Unix) OpenSSL/1.0.2l configured -- resuming normal operations
    [Wed Sep 20 15:42:11.218831 2017] [core:notice] [pid 20784] AH00094: Command line: '/usr/local/apache/bin/httpd'
    [Wed Sep 20 15:46:07.350650 2017] [mpm_prefork:notice] [pid 20784] AH00169: caught SIGTERM, shutting down
    [Wed Sep 20 15:47:13.333904 2017] [suexec:notice] [pid 3615] AH01232: suEXEC mechanism enabled (wrapper: /usr/local/apache/bin/suexec)
    [Wed Sep 20 15:47:13.368771 2017] [ssl:warn] [pid 3616] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
    [Wed Sep 20 15:47:13.368827 2017] [http2:warn] [pid 3616] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
    [Wed Sep 20 15:47:13.523476 2017] [mpm_prefork:notice] [pid 3616] AH00163: Apache/2.4.27 (Unix) OpenSSL/1.0.2l configured -- resuming normal operations
    [Wed Sep 20 15:47:13.523526 2017] [core:notice] [pid 3616] AH00094: Command line: '/usr/local/apache/bin/httpd'
    [Wed Sep 20 16:02:25.230136 2017] [mpm_prefork:notice] [pid 3616] AH00173: SIGHUP received.  Attempting to restart
    [Wed Sep 20 16:02:25.255127 2017] [ssl:warn] [pid 3616] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
    [Wed Sep 20 16:02:25.255786 2017] [ssl:warn] [pid 3616] AH01916: Init: (0.0.0.0:443) You configured HTTP(80) on the standard HTTPS(443) port!
    [Wed Sep 20 16:02:25.255816 2017] [http2:warn] [pid 3616] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
    [Wed Sep 20 16:02:25.263075 2017] [mpm_prefork:notice] [pid 3616] AH00163: Apache/2.4.27 (Unix) OpenSSL/1.0.2l configured -- resuming normal operations
    [Wed Sep 20 16:02:25.263100 2017] [core:notice] [pid 3616] AH00094: Command line: '/usr/local/apache/bin/httpd'
    [Wed Sep 20 16:17:17.734592 2017] [mpm_prefork:notice] [pid 3616] AH00173: SIGHUP received.  Attempting to restart
    [Wed Sep 20 16:17:17.765776 2017] [ssl:warn] [pid 3616] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
    [Wed Sep 20 16:17:17.766354 2017] [ssl:warn] [pid 3616] AH01916: Init: (0.0.0.0:443) You configured HTTP(80) on the standard HTTPS(443) port!
    [Wed Sep 20 16:17:17.766413 2017] [http2:warn] [pid 3616] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
    [Wed Sep 20 16:17:17.775521 2017] [mpm_prefork:notice] [pid 3616] AH00163: Apache/2.4.27 (Unix) OpenSSL/1.0.2l configured -- resuming normal operations
    [Wed Sep 20 16:17:17.775557 2017] [core:notice] [pid 3616] AH00094: Command line: '/usr/local/apache/bin/httpd'
    [Wed Sep 20 16:51:45.740503 2017] [mpm_prefork:notice] [pid 3616] AH00173: SIGHUP received.  Attempting to restart
    [Wed Sep 20 16:51:45.768631 2017] [ssl:warn] [pid 3616] AH01873: Init: Session Cache is not configured [hint: SSLSessionCache]
    [Wed Sep 20 16:51:45.769258 2017] [:emerg] [pid 3616] AH00020: Configuration Failed, exiting
    AH00016: Configuration Failed
    AH00016: Configuration Failed
    AH00016: Configuration Failed
    AH00016: Configuration Failed
    AH00016: Configuration Failed
    AH00016: Configuration Failed
    AH00016: Configuration Failed
    AH00016: Configuration Failed
    AH00016: Configuration Failed
    0 0
  • linyuhui168
    2017-09-08 23:56:16
    回 78楼albertdsg的帖子
    我也是启动不了,刚出坑,打开cmd,输入:D:\wamp\bin\apache\bin\httpd.exe -t  (你的apache安装目录)    回车,即显示错误信息
    0 0
  • albertdsg
    2017-08-16 10:04:29
    Re在 Windows 2008 系统为 phpstudy apache 不同网站配置不同SSL证书(SNI)
    我的也是这种情况,apache 不能启动  ,删除你评论里说的那个方法也不行,请问还有什么其他方法吗?
    0 0
滑动查看更多
+ 订阅

云安全开发者的大本营

相似问题
最新问题