ssl证书申请,检测结果为txt不匹配

问:申请域名:www.sckingsun.com   tmlpgr46cp1was4aokii8q6uuaa561kqz9wxq4cuq9sjnmea提交多次,检测显示不匹配,麻烦帮我处理下,谢谢,SSL证书申请,检测结果为txt不匹配

答:您好,

dns验证相较文件验证时间更久,同时检测您的txt记录设置不完整,请核实并重新设置,确认设置无误后晚些时候再检测看下,非常感谢您长期对我司的支持!

问:已经部署,请看下是否正确

答:您好,

测试https://www.sckingsun.com/已经可以访问,由于浏览器默认是访问http请求,如需直接访问https可参考https://www.west.cn/faq/list.asp?unid=1419 设置301跳转,非常感谢您长期对我司的支持!

问:

问:

问:#

# This is the Apache server configuration file providing SSL support.

# It contains the configuration directives to instruct the server how to

# serve pages over an https connection. For detailing information about these 

# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>

# Do NOT simply read the instructions in here without understanding

# what they do.  They're here only as hints or reminders.  If you are unsure

# consult the online docs. You have been warned.  

#

#

# Pseudo Random Number Generator (PRNG):

# Configure one or more sources to seed the PRNG of the SSL library.

# The seed data should be of good random quality.

# WARNING! On some platforms /dev/random blocks if not enough entropy

# is available. This means you then cannot use the /dev/random device

# because it would lead to very long connection times (as long as

# it requires to make more entropy available). But usually those

# platforms additionally provide a /dev/urandom device which doesn't

# block. So, if available, use this one instead. Read the mod_ssl User

# Manual for more details.

#

#SSLRandomSeed startup file:/dev/random  512

#SSLRandomSeed startup file:/dev/urandom 512

#SSLRandomSeed connect file:/dev/random  512

#SSLRandomSeed connect file:/dev/urandom 512

#

# When we also provide SSL we have to listen to the 

# standard HTTP port (see above) and to the HTTPS port

#

# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two

#       Listen directives: "Listen [::]:443" and "Listen 127.0.0.1:443"

#

Listen 443

##

##  SSL Global Context

##

##  All SSL configuration in this context applies both to

##  the main server and all SSL-enabled virtual hosts.

##

#

# Note: The following must must be present to support

#       starting without SSL on platforms with no /dev/random equivalent

#       but a statically compiled-in mod_ssl.

#

SSLRandomSeed startup builtin

SSLRandomSeed connect builtin

#

#   Some MIME-types for downloading Certificates and CRLs

#

AddType application/x-x509-ca-cert .crt

AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:

#   Configure the pass phrase gathering process.

#   The filtering dialog program (`builtin' is a internal

#   terminal dialog) has to provide the pass phrase on stdout.

SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:

#   Configure the SSL Session Cache: First the mechanism 

#   to use and second the expiring timeout (in seconds).

#SSLSessionCache         "dbm:/Apache22/logs/ssl_scache"

SSLSessionCache        "shmcb:H:/tomcat/Apache22N/Apache22/logs/ssl_scache"

SSLSessionCacheTimeout  300

#   Semaphore:

#   Configure the path to the mutual exclusion semaphore the

#   SSL engine uses internally for inter-process synchronization. 

SSLMutex default

#   SSL Protocol support:

#   List the protocol versions which clients are allowed to

#   connect with. Disable SSLv2 by default (cf. RFC 6176).

SSLProtocol -all TLSv1 TLSv1.1 TLSv1.2

#   SSL Cipher Suite:

#   List the ciphers that the client is permitted to negotiate.

#   See the mod_ssl documentation for a complete list.

SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!RC4:!LOW:!MD5:!aNULL:!eNULL:!3DES:!EXP:!PSK:!SRP:!DSS

#   Speed-optimized SSL Cipher configuration:

#   If speed is your main concern (on busy HTTPS servers e.g.),

#   you might want to force clients to specific, performance

#   optimized ciphers. In this case, prepend those ciphers

#   to the SSLCipherSuite list, and enable SSLHonorCipherOrder.

#   Caveat: by giving precedence to RC4-SHA and AES128-SHA

#   (as in the example below), most connections will no longer

#   have perfect forward secrecy – if the server's key is

#   compromised, captures of past or future traffic must be

#   considered compromised, too.

SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5

#SSLHonorCipherOrder on 

##

## SSL Virtual Host Context

##

NameVirtualHost *:443

<VirtualHost _default_:443>

  SSLEngine on

  ServerName localhost:443

  SSLCertificateFile H:/tomcat/Apache22N/Apache22/conf/ssl/wrs.gykjewm.com_ca.crt

  SSLCertificateKeyFile H:/tomcat/Apache22N/Apache22/conf/ssl/wrs.gykjewm.com.key

  Document H:/tomcat/Apache22N/Apache22/htdocs

# openssl req -new > server.csr

# openssl rsa -in privkey.pem -out server.key

# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 2048

<FilesMatch "\\.(cgi|shtml|phtml|php)$">

    SSLOptions StdEnvVars

</FilesMatch>

<Directory "H:/tomcat/Apache22N/Apache22/cgi-bin">

    SSLOptions StdEnvVars

</Directory>

BrowserMatch "MSIE [2-5]" \\

         nokeepalive ssl-unclean-shutdown \\

         downgrade-1.0 force-response-1.0

CustomLog "H:/tomcat/Apache22N/Apache22/logs/ssl_request.log" \\

          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\"%r\\" %b"

</virtualhost>

#<VirtualHost _default_:443>

#   General setup for the virtual host

#Document "/Apache22/htdocs"

#ServerName www.example.com:443

#Server @example.com

#ErrorLog "/Apache22/logs/error.log"

#TransferLog "/Apache22/logs/access.log"

#   SSL Engine Switch:

#   Enable/Disable SSL for this virtual host.

#SSLEngine on

#   SSL Cipher Suite:

#   List the ciphers that the client is permitted to negotiate.

#   See the mod_ssl documentation for a complete list.

#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4 RSA: HIGH: MEDIUM: LOW: SSLv2: EXP: eNULL

#   Server Certificate:

#   Point SSLCertificateFile at a PEM encoded certificate.  If

#   the certificate is encrypted, then you will be prompted for a

#   pass phrase.  Note that a kill -HUP will prompt again.  Keep

#   in mind that if you have both an RSA and a DSA certificate you

#   can configure both in parallel (to also allow the use of DSA

#   ciphers, etc.)

#SSLCertificateFile "/Apache22/conf/ssl/server.crt"

#SSLCertificateFile "/Apache22/conf/server-dsa.crt"

#   Server Private Key:

#   If the key is not combined with the certificate, use this

#   directive to point at the key file.  Keep in mind that if

#   you've both a RSA and a DSA private key you can configure

#   both in parallel (to also allow the use of DSA ciphers, etc.)

#SSLCertificateKeyFile "/Apache22/conf/ssl/server.key"

#SSLCertificateKeyFile "/Apache22/conf/server-dsa.key"

#   Server Certificate Chain:

#   Point SSLCertificateChainFile at a file containing the

#   concatenation of PEM encoded CA certificates which form the

#   certificate chain for the server certificate. Alternatively

#   the referenced file can be the same as SSLCertificateFile

#   when the CA certificates are directly appended to the server

#   certificate for convinience.

#SSLCertificateChainFile "/Apache22/conf/server-ca.crt"

#   Certificate Authority (CA):

#   Set the CA certificate verification path where to find CA

#   certificates for client authentication or alternatively one

#   huge file containing all of them (file must be PEM encoded)

#   Note: Inside SSLCACertificatePath you need hash symlinks

#         to point to the certificate files. Use the provided

#         Makefile to update the hash symlinks after changes.

#SSLCACertificatePath "/Apache22/conf/ssl.crt"

#SSLCACertificateFile "/Apache22/conf/ssl.crt/ca-bundle.crt"

#   Certificate Revocation Lists (CRL):

#   Set the CA revocation path where to find CA CRLs for client

#   authentication or alternatively one huge file containing all

#   of them (file must be PEM encoded)

#   Note: Inside SSLCARevocationPath you need hash symlinks

#         to point to the certificate files. Use the provided

#         Makefile to update the hash symlinks after changes.

#SSLCARevocationPath "/Apache22/conf/ssl.crl"

#SSLCARevocationFile "/Apache22/conf/ssl.crl/ca-bundle.crl"

#   Client Authentication (Type):

#   Client certificate verification type and depth.  Types are

#   none, optional, require and optional_no_ca.  Depth is a

#   number which specifies how deeply to verify the certificate

#   issuer chain before deciding the certificate is not valid.

#SSLVerifyClient require

#SSLVerifyDepth  10

#   Access Control:

#   With SSLRequire you can do per-directory access control based

#   on arbitrary complex boolean expressions containing server

#   variable checks and other lookup directives.  The syntax is a

#   mixture between C and Perl.  See the mod_ssl documentation

#   for more details.

#<Location />

#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \\

#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \\

#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \\

#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \\

#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \\

#           or %{REMOTE_ADDR} =~ m/^192\\.76\\.162\\.[0-9] $/

#</Location>

#   SSL Engine Options:

#   Set various options for the SSL engine.

#   o FakeBasicAuth:

#     Translate the client X.509 into a Basic Authorisation.  This means that

#     the standard Auth/DBMAuth methods can be used for access control.  The

#     user name is the `one line' version of the client's X.509 certificate.

#     Note that no password is obtained from the user. Every entry in the user

#     file needs this `xxj31ZMTZzkVA'.

#   o ExportCertData:

#     This exports two additional environment variables: SSL_CLIENT_CERT and

#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the

#     server (always existing) and the client (only existing when client

#     authentication is used). This can be used to import the certificates

#     into CGI scripts.

#   o StdEnvVars:

#     This exports the standard SSL/TLS related `SSL_*' environment variables.

#     Per default this exportation is switched off for performance reasons,

#     because the extraction step is an expensive operation and is usually

#     useless for serving static content. So one usually enables the

#     exportation for CGI and SSI requests only.

#   o StrictRequire:

#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even

#     under a "Satisfy any" situation, i.e. when it applies access is denied

#     and no other module can change it.

#   o OptRenegotiate:

#     This enables optimized SSL connection renegotiation handling when SSL

#     directives are used in per-directory context. 

#SSLOptions FakeBasicAuth ExportCertData StrictRequire

#<FilesMatch "\\.(cgi|shtml|phtml|php)$">

#    SSLOptions StdEnvVars

#</FilesMatch>

#<Directory "/Apache22/cgi-bin">

#    SSLOptions StdEnvVars

#</Directory>

#   SSL Protocol Adjustments:

#   The safe and default but still SSL/TLS standard compliant shutdown

#   approach is that mod_ssl sends the close notify alert but doesn't wait for

#   the close notify alert from client. When you need a different shutdown

#   approach you can use one of the following variables:

#   o ssl-unclean-shutdown:

#     This forces an unclean shutdown when the connection is closed, i.e. no

#     SSL close notify alert is send or allowed to received.  This violates

#     the SSL/TLS standard but is needed for some brain-dead browsers. Use

#     this when you receive I/O errors because of the standard approach where

#     mod_ssl sends the close notify alert.

#   o ssl-wn:

#     This forces an accurate shutdown when the connection is closed, i.e. a

#     SSL close notify alert is send and mod_ssl waits for the close notify

#     alert of the client. This is 100% SSL/TLS standard compliant, but in

#     practice often causes hanging connections with brain-dead browsers. Use

#     this only for browsers where you know that their SSL implementation

#     works correctly. 

#   Notice: Most problems of broken clients are also related to the HTTP

#   keep-alive facility, so you usually additionally want to disable

#   keep-alive for those clients, too. Use variable "nokeepalive" for this.

#   Similarly, one has to force some clients to use HTTP/1.0 to workaround

#   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and

#   "force-response-1.0" for this.

#BrowserMatch ".*MSIE.*" \\

#         nokeepalive ssl-unclean-shutdown \\

#         downgrade-1.0 force-response-1.0

#   Per-Server Logging:

#   The home of a custom SSL log file. Use this when you want a

#   compact non-error SSL logfile on a virtual host basis.

#CustomLog "/Apache22/logs/ssl_request.log" \\

#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\"%r\\" %b"

#</VirtualHost>                                  

问:

答:您好,我司证书没有问题的,查看您使用的是其他公司的服务器,请您联系服务器商为您部署https试试,可以参考https://www.wosign.com/faq/faq-phpstudy-ssl.htm 核实下,非常感谢您长期对我司的支持!

更多关于云服务器域名注册虚拟主机的问题,请访问西部数码官网:www.west.cn
赞(0)
声明:本网站发布的内容(图片、视频和文字)以原创、转载和分享网络内容为主,如果涉及侵权请尽快告知,我们将会在第一时间删除。文章观点不代表本网站立场,如需处理请联系客服。电话:028-62778877-8306;邮箱:fanjiao@west.cn。本站原创内容未经允许不得转载,或转载时需注明出处:西部数码知识库 » ssl证书申请,检测结果为txt不匹配

登录

找回密码

注册