在apache ubuntu 12上安装Thawte ssl 123证书

Question

我最近从thwate购买了ssl123证书。他们提供了以下文件1:x.509证书2:Apache 3:中间CA1

我试图安装在我的服务器上，但没有成功，这里是我的配置。

虚拟主机文件

<IfModule mod_ssl.c>
<VirtualHost IP:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/x.509.crt
        SSLCertificateKeyFile /etc/apache2/ssl/my.key
        SSLCACertificateFile /etc/apache2/ssl/intermediate.crt
        ServerAdmin xyz@gmail.com
        ServerName  www.xyz.org
        ServerAlias xyz.org
        DocumentRoot /var/www/ecommerce/
        <Directory />
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
        </Directory>
        <Directory /var/www/ecommerce/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>
</<IfModule>

     port.conf file

     NameVirtualHost *:80
     Listen 80

     <IfModule mod_ssl.c>
         # If you add NameVirtualHost *:443 here, you will also have to change
         # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
         # to <VirtualHost *:443>
         # Server Name Indication for SSL named virtual hosts is currently not
         # supported by MSIE on Windows XP.
         Listen 443
     </IfModule>

     <IfModule mod_gnutls.c>
         Listen 443
    </IfModule>

Apache错误日志

[Thu Aug 01 11:43:58 2013] [notice] caught SIGTERM, shutting down
[Thu Aug 01 11:43:59 2013] [warn] [mod_spdy/0.9.4.1-397] [7305:7305:WARNING:mod_spdy.cc(166)] mod_spdy is insta                        config. SPDY will not be used by this server.  See http://code.google.com/p/mod-spdy/wiki/ConfigOptions for ho
[Thu Aug 01 11:43:59 2013] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Aug 01 11:43:59 2013] [warn] RSA server certificate CommonName (CN) `Thawte DV SSL CA' does NOT match serv
[Thu Aug 01 11:43:59 2013] [error] Unable to configure RSA server private key
[Thu Aug 01 11:43:59 2013] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_c

更新配置

[Thu Aug 01 13:09:03 2013] [error] Init: Multiple RSA server certificates not allowed
[Thu Aug 01 13:10:51 2013] [warn] [mod_spdy/0.9.4.1-397] [13606:13606:WARNING:mod_spdy.cc(166)] mod_spdy is installed, but has not been enabled in the Apache config. SPDY will not be used by this server.  See http://code.google.com/p/mod-spdy/wiki/ConfigOptions for how to enable.

VHOST文件

IfModule mod_ssl.c>
<VirtualHost IP:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/x.509.crt
        SSLCertificateKeyFile /etc/apache2/ssl/my.key
        SSLCACertificateFile /etc/apache2/ssl/rootcertificate.crt
        ServerAdmin xyz@gmail.com
        ServerName  www.xyz.org
        ServerAlias xyz.org
        DocumentRoot /var/www/ecommerce/
        <Directory />
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
        </Directory>
        <Directory /var/www/ecommerce/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>
</<IfModule>

Answer 1

证书/私钥或根CA证书不匹配。

您正在为参数SSLCACertificateFile使用中间证书。请切换到正确的根CA证书，它将与您的证书类型匹配。"Thawte Premium Server CA“链接：塔特下载

顺便说一句:您的apache日志似乎在右侧被截断。