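I'm having a problem with an SSLRequire file expression in Apache 2.4: it doesn't seem to find, or can't access, the file in question.
Here is the code excerpt:
<Location />
    SSLOptions +StrictRequire
    SSLRequireSSL
    SSLRequire (%{SSL_CLIENT_CERT} eq file("<full_path_to_PEM_file>"))
</Location>
When I try to access the site, I get this error in the log: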
[Tue Jun 27 13:20:02.358478 2017] [ssl:error] [pid 18661:tid 47040594310912] [client 82.69.3.205:58275] Evaluation of expression from 20-mod_ssl.conf:240 failed: Cannot open file <full_path_to_PEM_file>, referer: https://example.com/
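The permissions are correct and the file definitely exists, so I'm not sure what else to do here.
The PEM file is a valid public certificate, with the "BEGIN CERTIFICATE" and "END CERTIFICATE" lines at the start and end...
Any ideas?

Your VHOST should look like: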
<VirtualHost *:443>
    ServerAdmin webmaster@example.com
    DocumentRoot /var/www/html/example
    ServerName example.com
    SSLEngine on
    # Server certificate and its private key
    SSLCertificateFile /etc/ssl/CA/example_com.crt
    SSLCertificateKeyFile /etc/ssl/CA/example.key
    # https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1203&nav=0,96,1,95
    SSLCertificateChainFile /etc/ssl/CA/chain_example_with_Positive.pem
    SSLHonorCipherOrder On
    # As posted: enables only TLSv1 and SSLv3, both deprecated (RFC 8996, RFC 7568)
    SSLProtocol -all +TLSv1 +SSLv3
    # As posted: prefers RC4-SHA; RC4 is prohibited in TLS by RFC 7465
    SSLCipherSuite RC4-SHA:HIGH:!MD5:!aNULL:!EDH:!ADH
    SSLInsecureRenegotiation off
    <Directory /example/>
        Options Indexes SymLinksIfOwnerMatch
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/html/example/>
        Options Indexes SymLinksIfOwnerMatch
        AllowOverride All
        # Apache 2.2-style access control; on 2.4 this needs mod_access_compat
        # and has the same effect as "Require all granted"
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>