how to set up SSL for Apache for a Mac so I can te

2019-08-02 08:24发布

问题:

I set up Apache on with the standard self-signed ssl mods to my http.conf, and this is working locally on my mac, but when I try to access it from my windows machine with IE8 it doesn't seem to like the certificate.

I've tried to import the certificate into the Windows -> Internet Options modal, but that just doesn't seem to work for accessing the iFrame cross domain. IE shows that yellow alert at the bottom of the page warning about an iFrame, but doesn't load the other files from that domain. After I accept the alert, the page reloads and the same thing occurs.

In production this works with the real certs.

Any ideas on what might be wrong with my development environment and my certs?

UPDATE

I opened the command-line in admin mode and flushed the cache. No help. I am able to ping the domain name and get the correct IP back.

IE Reports: The security certificate presented by this website was issued for a different website's address.

UPDATE 2

http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

The above article touches on some of the key problems with running two SSL servers off of one machine (Mac OSX). However learning something about NameBased SSLVirtualHosts and SNI, I don't think it's the problem I am having, but it might be related. IE is reporting that the server domain and the cert don't match. So I wonder if this is related to me using a global cert for both SSL domains.

UPDATE 3 ( solution )

https://serverfault.com/questions/393363/mismatched-address-error-on-self-signed-ssl-certtificate

It turns out that the common name for the certificate was wrong, which allowed the certificate to work in FF, and Chrome, but not in IE8, IE9, IE10. After generating a new certificate as a wild card, I was able access all of the NameBased SSL Virtual Hosts via SNI. so set your common name to *.YourDomain.tld and you will be fine.

回答1:

The problem I was having is that the Common Name specified in the certificate was not a proper domain name for the domains I was hosting. Instead I was using a 'common name' for our company name, which was not a domain name at all.

If you are going to generate a self signed certificate you might want to use a Common Name like *.domain.tld to generate your star.domian.tld.key and star.domain.tld.crt