JinYazhou +

在Windows上配置多个站点SSL证书

原文:http://it.tingtao.net/archives/667.html


在IIS 8(对应的系统是Windows Server 2012)以前的版本是不能一台服务器绑定多个证书的,网上流传的修改配置文件加入主机头的方法根本不行,不论windows 2003还是2008 R2都不行,除非用的是通配符证书。


Apache版本(2.4.25)

下载地址:http://www.apachehaus.com/cgi-bin/download.plx

步骤:

1、运行前需提前安装vc2015组件;

2、修改Apache24\conf\httpd.conf

修改根目录地址:

Define SRVROOT "X:\Apache24"
#Listen 80
ServerName localhost:80改成88

去掉注释:

LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule headers_module modules/mod_headers.so
Include conf/extra/httpd-ssl.conf

3、修改Apache24\conf\extra\httpd-ssl.conf

#SSLCertificateFile "${SRVROOT}/conf/server.crt"
#SSLCertificateKeyFile "${SRVROOT}/conf/server.key"
#SSLCACertificatePath "${SRVROOT}/conf/ssl.crt"

4、IIS的SSL证书端口随意,不要占用443,如,444,445,446

5、443端口如果被占用,修改Apache24\conf\extra\httpd-ssl.conf,443改成其他不常用端口。

6、虚拟主机设置:

<VirtualHost *:443>
ServerName tingtao.net
ServerAlias www.tingtao.net
 
    SSLEngine on
    SSLCertificateFile c:\web\ca\www.tingtao.net\www.tingtao.net.crt
    SSLCertificateKeyFile c:\web\ca\www.tingtao.net\2_www.tingtao.net.key
    SSLCertificateChainFile c:\web\ca\www.tingtao.net\www.tingtao.net_ca.crt
 
RequestHeader set Front-End-Https "On"
 
<IfModule mod_ssl.c>
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:102/
ProxyPassReverse / https://127.0.0.1:102/
</IfModule>
 
</VirtualHost>
 
#听涛 IT SSL
<VirtualHost *:443>
ServerName it.tingtao.net
 
    SSLEngine on
    SSLCertificateFile c:\web\ca\it.tingtao.net\it.tingtao.net.crt
    SSLCertificateKeyFile c:\web\ca\it.tingtao.net\2_it.tingtao.net.key
    SSLCertificateChainFile c:\web\ca\it.tingtao.net\it.tingtao.net_ca.crt
 
RequestHeader set Front-End-Https "On"
 
<IfModule mod_ssl.c>
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:103/
ProxyPassReverse / https://127.0.0.1:103/
</IfModule>
</VirtualHost>

最新评论