This came out of https://disqus.com/home/discussion/jerryqu/certificate_transparency_67/#comment-2579209424
I followed the tutorial at https://www.certificate-transparency.org/resources-for-site-owners/apache to build apache trunk and the ssl-ct module, and enabling it went fine: http opens normally, but https does not open.
Here is the log:
[Sat Mar 26 16:21:12.242621 2016] [mpm_event:notice] [pid 12038:tid 139709956175744] AH00489: Apache/2.5.0-dev (Unix) OpenSSL/1.0.2g configured -- resuming normal operations
[Sat Mar 26 16:21:12.242646 2016] [core:notice] [pid 12038:tid 139709956175744] AH00094: Command line: '/usr/local/apache/bin/httpd'
[Sat Mar 26 16:21:42.254098 2016] [ssl_ct:error] [pid 12043:tid 139709956175744] (13)Permission denied: AH02779: couldn't read /usr/local/apache/conf/scts/ct.googleapis.com-rocketeer.sct
[Sat Mar 26 16:21:42.254304 2016] [ssl_ct:error] [pid 12043:tid 139709956175744] (13)Permission denied: AH02704: SCT maintenance daemon - SCT refresh failed; will try again later
I found it is a Permission denied, but even after I changed the permissions to match the user apache runs as, nothing changed: still the same error, same smell. http://ww2.sinaimg.cn/large/a15b4afegw1f2bdr5i5rej20yp0l87al
So I am asking whether there is any way to fix this.
System details:
root@main:~# uname -a
Linux main 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u2 (2016-01-02) x86_64 GNU/Linux
root@main:~# openssl version
OpenSSL 1.0.2g 1 Mar 2016
root@main:~# httpd -v
Server version: Apache/2.5.0-dev (Unix)
Server built: Mar 20 2016 00:38:01
ssl config:
SSLCertificateFile /root/ssl/loli_pet.crt
SSLCertificateKeyFile /root/ssl/loli.pet.key
SSLCertificateChainFile /root/ssl/CA.crt
SSLCompression off
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
CTSCTStorage /tmp/scts
CTStaticSCTs /root/ssl/loli_pet.crt /usr/local/apache/conf/scts
The certificate is a COMODO ECC one, https://loli.pet; for now I have turned the ct module off.
1
skydiver 2016-03-27 15:50:15 +08:00 via iPad
Make sure apache has the x permission on every directory level along the path, and also check whether it is an SELinux problem.
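The advice above is the right place to start: the AH02779 error in the log is reported by pid 12043, not by the parent httpd (pid 12038), so it is the unprivileged worker user, not root, whose access to every directory component of /usr/local/apache/conf/scts has to hold. The following script is an added example written for this page, not code from the thread or from the ssl-ct module. It walks a path the way the kernel does (search/x on every intermediate directory, then read on the final file) for a given user, computed from the mode bits alone, and reports the first component that fails. It assumes Linux with GNU coreutils (stat -c) and a POSIX sh; it deliberately ignores ACLs, SELinux labels and root's permission bypass, so the result reflects what a normal user would get. The user name www-data in the usage below is an assumption; use whatever User is set in httpd.conf.

```shell
#!/bin/sh
# Added example for this thread, not part of the original post or of mod_ssl_ct.
# Assumes Linux + GNU coreutils (stat -c) and POSIX sh. Mode bits only: ACLs,
# SELinux and root's bypass are ignored on purpose so the verdict matches what
# an unprivileged httpd worker (the pid that logged AH02779) would see.

# has_perm FILE USER r|w|x
# Returns 0 if the mode bits of FILE grant USER that bit, 1 if not, 2 on error.
has_perm() {
  f=$1; u=$2; want=$3
  id "$u" >/dev/null 2>&1 || return 2
  set -- $(stat -c '%a %U %G' "$f" 2>/dev/null)
  [ $# -eq 3 ] || return 2
  mode=$1; owner=$2; group=$3
  # normalise to exactly three rwx digits (stat prints "40" for 0040, "1777" for sticky)
  while [ ${#mode} -lt 3 ]; do mode=0$mode; done
  extra=${mode%???}; mode=${mode#$extra}
  if [ "$u" = "$owner" ]; then
    digit=${mode%??}                      # owner class only, as POSIX specifies
  else
    ingroup=0
    for g in $(id -Gn "$u"); do
      [ "$g" = "$group" ] && ingroup=1
    done
    if [ "$ingroup" -eq 1 ]; then
      digit=${mode#?}; digit=${digit%?}   # group class
    else
      digit=${mode#??}                    # other class
    fi
  fi
  case $want in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) return 2 ;; esac
  [ $(( $digit & $bit )) -ne 0 ]
}

# check_path_access PATH USER
# Prints one line per path component and returns 0 only if USER can traverse
# every directory on the way and read the final entry; stops at the first failure.
check_path_access() {
  target=$1; u=$2
  case $target in /*) ;; *) target=$(pwd)/$target ;; esac
  has_perm / "$u" x || { echo "FAIL: $u has no x on /"; return 1; }
  prefix=""
  rest=${target#/}
  while [ -n "$rest" ]; do
    comp=${rest%%/*}
    if [ "$comp" = "$rest" ]; then rest=""; else rest=${rest#*/}; fi
    [ -z "$comp" ] && continue             # skip empty components from "//"
    prefix="$prefix/$comp"
    [ -e "$prefix" ] || { echo "FAIL: $prefix does not exist"; return 1; }
    if [ -n "$rest" ]; then
      # intermediate directory: only the search (x) bit matters
      if has_perm "$prefix" "$u" x; then
        echo "ok   x $prefix"
      else
        echo "FAIL: $u has no x on $prefix (mode $(stat -c '%a %U:%G' "$prefix"))"
        return 1
      fi
    else
      # final component: the SCT file must be readable
      if has_perm "$prefix" "$u" r; then
        echo "ok   r $prefix"
      else
        echo "FAIL: $u cannot read $prefix (mode $(stat -c '%a %U:%G' "$prefix"))"
        return 1
      fi
    fi
  done
}

# Run as a script: check_path_access.sh PATH USER
if [ $# -eq 2 ]; then
  check_path_access "$1" "$2"
fi
```

Run it as `sh check_path_access.sh /usr/local/apache/conf/scts/ct.googleapis.com-rocketeer.sct www-data` and compare the first FAIL line with the log: a chmod on the .sct file alone does nothing if, say, /usr/local/apache/conf is 0700 root-owned. The same walk is what `namei -l PATH` from util-linux prints, if it is installed. The CTSCTStorage directory (/tmp/scts in the config above) is written by the same daemon, so `has_perm /tmp/scts www-data w` is worth checking too. If every level passes and the error persists, that is the point at which SELinux (audit.log, `ausearch -m avc`) rather than mode bits becomes the suspect.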