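To run more than one CA (Certificate Authority) on an Apache server, the configuration should look like the listing below. Note that the SSLCACertificateFile lines refer to two bundle files that supply two different root authorities, and note the detailed settings inside each virtual host block, which is closed by </VirtualHost>.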
### Section 3: Virtual Hosts
<IfDefine HAVE_SSL>
## SSL Virtual Host Context

# First virtual host: uses the CA bundle ca.txt
<VirtualHost 192.168.0.20:443>
    DocumentRoot "/var/www/html2"
    ServerName apache2.globaltrust.com.tw
    ErrorLog logs/error_log
    TransferLog logs/access_log
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/apache.ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/apache.ssl/myserver.key
    SSLCACertificateFile /etc/httpd/conf/apache.ssl/ca.txt
    SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

# Second virtual host: uses the CA bundle other-bundle.txt
<VirtualHost 192.168.0.21:443>
    DocumentRoot "/var/www/html2"
    ServerName apache2.globaltrust.com.tw
    ErrorLog logs/error_log
    TransferLog logs/access_log
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/apache2.ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/apache2.ssl/myserver.key
    SSLCACertificateFile /etc/httpd/conf/apache2.ssl/other-bundle.txt
    SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

</IfDefine>
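
As an added example (not part of the original page), the Python sketch below lists which SSLCACertificateFile each <VirtualHost> block sets and flags blocks that set none themselves or that share a bundle with another block, a quick check of the per-host CA separation described above. The sample configuration is constructed from the listing, and the function names are hypothetical.

```python
import re

# Constructed sample, reduced from the listing above (not a full httpd.conf).
SAMPLE_CONF = r'''
<VirtualHost 192.168.0.20:443>
    SSLEngine on
    SSLCACertificateFile /etc/httpd/conf/apache.ssl/ca.txt
</VirtualHost>
<VirtualHost 192.168.0.21:443>
    SSLEngine on
    SSLCACertificateFile /etc/httpd/conf/apache2.ssl/other-bundle.txt
</VirtualHost>
'''

def ca_bundles_by_vhost(conf_text):
    """Return {vhost address: SSLCACertificateFile path, or None if unset}."""
    result, current = {}, None
    # Join backslash-continued lines first, as httpd does when reading config.
    text = re.sub(r'\\\r?\n', ' ', conf_text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = re.match(r'<VirtualHost\s+([^>]+)>', line, re.I)
        if m:
            current = m.group(1).strip()
            result[current] = None
        elif line.lower().startswith('</virtualhost'):
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() == 'sslcacertificatefile':
                result[current] = parts[1].strip().strip('"')
    return result

def audit(conf_text):
    """Return (vhosts with no bundle of their own, bundles used by >1 vhost)."""
    bundles = ca_bundles_by_vhost(conf_text)
    missing = [vhost for vhost, path in bundles.items() if path is None]
    users = {}
    for vhost, path in bundles.items():
        if path:
            users.setdefault(path, []).append(vhost)
    shared = {path: vs for path, vs in users.items() if len(vs) > 1}
    return missing, shared

if __name__ == '__main__':
    print(audit(SAMPLE_CONF))
```

A virtual host reported as missing may still inherit a bundle set at server level, so treat that list as something to review rather than as an error.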