Apache服务器HTTPS未完全正确配置的处理

问题一：通过网站https://csr.chinassl.net/ssl-checker.html验证，告知证书来自不被认可的机构，火狐浏览器访问网站出现Error code: SEC_ERROR_UNKNOWN_ISSUER，这是证书链未配置正确导致，只需要在原配置

<VirtualHost *:443>
    DocumentRoot "/usr/local/www/yourdir"
    ServerName yourhost
    ServerAdmin yourhost
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/yourhost.crt
    SSLCertificateKeyFile /etc/httpd/conf/yourkey.pem
    <Directory /usr/local/www/yourdir>
        AllowOverride All
    </Directory>
</VirtualHost>

增加证书链的配置（

SSLCertificateChainFile /etc/httpd/conf/yourcabundle.ca-bundle

）即可，更改后为：

<VirtualHost *:443>
    DocumentRoot "/usr/local/www/yourdir"
    ServerName yourhost
    ServerAdmin yourhost
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/yourhost.crt
    SSLCertificateKeyFile /etc/httpd/conf/yourkey.pem
SSLCertificateChainFile /etc/httpd/conf/yourcabundle.ca-bundle
    <Directory /usr/local/www/yourdir> 
       AllowOverride All 
   </Directory> 
</VirtualHost>

问题二：

Apache如何将http全部自动跳转到https

自动重写链接即可，将

RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

加入配置文件，如下

<VirtualHost *:80>
    DocumentRoot "/usr/local/www/yourdir"
    ServerName yourhost
    ServerAdmin youhost
      RewriteEngine On
      RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
</VirtualHost>