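【Published】:2026-02-19 12:55:01
【Problem description】:
I am struggling to configure virtual hosts with an SSL certificate inside a Docker container (I don't think the problem is related to Docker). When I connect to my site I get no error, just a blank page, but in the error log I have this: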
[Tue Aug 02 09:57:58.030690 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Aug 02 09:57:58.030862 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
This is the command I typed to create the key and certificate:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out /etc/ssl/certs/mykey.crt -keyout /etc/ssl/private/mykey.key
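I tested creating two certificates, because I need two virtual hosts, but it still does not work. Here are my virtual hosts:
<VirtualHost *:80>
ServerName mysite.local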
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/public
SetEnv APPLICATION_ENV "devDocker"
<Directory /var/www/html/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Location /protected/>
AuthTokenSecret "mySuperSecret"
AuthTokenPrefix /protected/
AuthTokenTimeout 120
</Location>
ErrorLog ${APACHE_LOG_DIR}/error-scco.log
CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName mysite.local
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/public
SetEnv APPLICATION_ENV "devDocker"
<Directory /var/www/html/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Location /protected/>
AuthTokenSecret "mySuperSecret"
AuthTokenPrefix /protected/
AuthTokenTimeout 120
</Location>
ErrorLog ${APACHE_LOG_DIR}/error-scco.log
CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/mykey.crt
SSLCertificateKeyFile /etc/ssl/private/mykey.key
</VirtualHost>
<VirtualHost *:80>
ServerName devadmin.mysite.local
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/public
SetEnv APPLICATION_ENV "devDocker"
<Directory /var/www/html/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Location /protected/>
AuthTokenSecret "mySuperSecret"
AuthTokenPrefix /protected/
AuthTokenTimeout 120
</Location>
ErrorLog ${APACHE_LOG_DIR}/error-scco.log
CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName devadmin.mysite.local
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/public
SetEnv APPLICATION_ENV "devDocker"
SetEnv APPLICATION_WEB_BOOTSTRAP "devadmin"
<Directory /var/www/html/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<Location /protected/>
AuthTokenSecret "mySuperSecret"
AuthTokenPrefix /protected/
AuthTokenTimeout 120
</Location>
ErrorLog ${APACHE_LOG_DIR}/error-scco.log
CustomLog ${APACHE_LOG_DIR}/access-scco.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/mykey.crt
SSLCertificateKeyFile /etc/ssl/private/mykey.key
</VirtualHost>
This is the log when I type service apache2 restart:
[Tue Aug 02 09:57:56.950457 2016] [mpm_prefork:notice] [pid 711] AH00169: caught SIGTERM, shutting down
[Tue Aug 02 09:57:57.987280 2016] [ssl:warn] [pid 753] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Aug 02 09:57:57.987801 2016] [ssl:warn] [pid 753] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Aug 02 09:57:58.030501 2016] [ssl:warn] [pid 754] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Aug 02 09:57:58.030933 2016] [ssl:warn] [pid 754] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Tue Aug 02 09:57:58.033677 2016] [mpm_prefork:notice] [pid 754] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.17 OpenSSL/1.0.1f configured -- resuming normal operations
[Tue Aug 02 09:57:58.033700 2016] [core:notice] [pid 754] AH00094: Command line: '/usr/sbin/apache2'
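Thanks in advance.
【Discussion】:
- I haven't used openssl for a while, so you may well get a better answer soon. But to help you in the meantime, I guess the problem is what it says: the RSA server certificate is a CA certificate. I think the certificate you are trying to use on the server is actually a CA certificate, which should be used to sign the certificate that you should use on the server. Some information: akadia.com/services/ssh_test_certificate.html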
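As an added example (not part of the original post or comment): with a stock openssl.cnf, `openssl req -x509` applies the `v3_ca` extension section, which is why the certificate carries CA:TRUE and Apache logs AH01906. The sketch below generates a self-signed leaf certificate for both virtual host names and checks its BasicConstraints; the function names, the `leaf.cnf` file, the `v3_leaf` section name and the scratch directory are assumptions.

```shell
#!/bin/sh
# Added example: self-signed *leaf* certificate (CA:FALSE) covering both vhosts.
# File names and directories here are assumptions, not paths from the page.

# Print "CA" if the certificate's BasicConstraints say CA:TRUE, else "leaf".
cert_kind() {
    if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
        echo CA
    else
        echo leaf
    fi
}

# Generate key + certificate in directory $1 with an explicit extension
# section, so the default v3_ca section (CA:TRUE) is never applied.
make_leaf_cert() {
    dir=$1
    cat > "$dir/leaf.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_leaf
prompt             = no

[dn]
CN = mysite.local

[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:mysite.local, DNS:devadmin.mysite.local
EOF
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -config "$dir/leaf.cnf" \
        -out "$dir/mykey.crt" -keyout "$dir/mykey.key" 2>/dev/null
}

# Usage in a scratch directory:
#   d=$(mktemp -d) && make_leaf_cert "$d" && cert_kind "$d/mykey.crt"
```

Running `cert_kind` against the certificate currently referenced by `SSLCertificateFile` shows whether it is the CA-flagged one before Apache is restarted.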