一些背景:
我正在尝试为我的内部业务用户设置反向代理,以便在外部路由关闭时进行站点验证。我能够在httpd.conf中为端口80 :匿名用户设置具有相应虚拟主机条目的多个路由。我担心自己被困在SSL路由上,无法取得进展。我去过多个论坛,但找不到一个帮助我更进一步的回应。
服务器详细信息:
Apache版本: Apache/2.2.29 (Unix) Linux版本:$ cat /etc/*-发布企业Linux企业Linux服务器5.8 (Carthage) Oracle Linux Server发布5.8红帽企业Linux服务器5.8 (Tikanga)
问题:
当我试图通过SSL (*:443)访问时,我在所有3种浏览器(IE/Chrome/Firefox)上都会得到空响应。注意:我按照如何创建和安装Apache自签名证书的说明生成了自签名证书。
Troubleshooting
错误日志
[Wed Jul 08 23:16:06 2015] [notice] Digest: generating secret for digest authentication ...
[Wed Jul 08 23:16:06 2015] [notice] Digest: done
[Wed Jul 08 23:16:06 2015] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x21b6ff0 rmm=0x21b7048 for VHOST: stgwww.cos.agilent.com
[Wed Jul 08 23:16:06 2015] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x21b6ff0 rmm=0x21b7048 for VHOST: stgwww.cos.agilent.com
[Wed Jul 08 23:16:06 2015] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Wed Jul 08 23:16:06 2015] [info] LDAP: SSL support available
[Wed Jul 08 23:16:06 2015] [info] mod_unique_id: using ip addr 127.0.0.1
[Wed Jul 08 23:16:07 2015] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Jul 08 23:16:07 2015] [info] Loading certificate & private key of SSL-aware server
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key - pass phrase not required
[Wed Jul 08 23:16:07 2015] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Jul 08 23:16:07 2015] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(272): for 511920 bytes (512000 including header), recommending 32 subcaches, 133 indexes each
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory choices follow
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(308): subcache_num = 32
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(310): subcache_size = 15992
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(312): subcache_data_offset = 3208
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(314): subcache_data_size = 12784
[Wed Jul 08 23:16:07 2015] [debug] ssl_scache_shmcb.c(316): index_num = 133
[Wed Jul 08 23:16:07 2015] [info] Shared memory session cache initialised
[Wed Jul 08 23:16:07 2015] [info] Init: Initializing (virtual) servers for SSL
[Wed Jul 08 23:16:07 2015] [info] Configuring server for SSL protocol
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(521): Creating new SSL context (protocols: SSLv3, TLSv1)
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(759): Configuring permitted SSL ciphers [HIGH:MEDIUM:!aNULL:!MD5]
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(843): Configuring server certificate chain (1 CA certificate)
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(890): Configuring RSA server certificate
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(936): Configuring RSA server private key
[Wed Jul 08 23:16:07 2015] [debug] ssl_engine_init.c(521): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Jul 08 23:16:07 2015] [info] mod_ssl/2.2.29 compiled against Server: Apache/2.2.29, Library: OpenSSL/0.9.8e-fips-rhel5
[Wed Jul 08 23:16:07 2015] [debug] proxy_util.c(1829): proxy: grabbed scoreboard slot 11 in child 6098 for worker proxy:reverse
[Wed Jul 08 23:16:07 2015] [debug] proxy_util.c(1945): proxy: initialized single connection worker 11 in child 6098 for (*)
---------
truncated for ease of reading
---------
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection to child 0 established (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1903): OpenSSL: Handshake: start
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: before/accept initialization
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1939): OpenSSL: read 11/11 bytes from BIO#22341b0 [mem: 223b880] (BIO dump follows)
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1872): +-------------------------------------------------------------------------+
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1911): | 0000: 43 4f 4e 4e 45 43 54 20-73 74 67                 CONNECT stg      |
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1917): +-------------------------------------------------------------------------+
**[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1940): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] SSL library error 1 in handshake (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] SSL Library Error: 336027803 error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request speaking HTTP to HTTPS port!?
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection closed to child 0 with abortive shutdown (server stgwww.cos.agilent.com:443)**
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection to child 1 established (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1903): OpenSSL: Handshake: start
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: before/accept initialization
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1939): OpenSSL: read 11/11 bytes from BIO#22341b0 [mem: 223b880] (BIO dump follows)
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1872): +-------------------------------------------------------------------------+
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1911): | 0000: 43 4f 4e 4e 45 43 54 20-73 74 67                 CONNECT stg      |
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1917): +-------------------------------------------------------------------------+
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1940): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] SSL library error 1 in handshake (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] SSL Library Error: 336027803 error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request speaking HTTP to HTTPS port!?
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection closed to child 1 with abortive shutdown (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] [client 192.168.244.1] Connection to child 4 established (server stgwww.cos.agilent.com:443)
[Wed Jul 08 23:19:02 2015] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1903): OpenSSL: Handshake: start
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: before/accept initialization
[Wed Jul 08 23:19:02 2015] [debug] ssl_engine_io.c(1939): OpenSSL: read 11/11 bytes from BIO#22341b0 [mem: 223b880] (BIO dump follows)===========
打开SSL检查
[sandeep@atgweb logs]$ openssl s_client -connect  192.168.244.129:443 -state -nbio
CONNECTED(00000003)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
**SSL_connect:error in SSLv2/v3 read server hello A
write R BLOCK**
SSL_connect:SSLv3 read server hello A
depth=0 /C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
**verify error:num=18:self signed certificate**
verify return:1
depth=0 /C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
SSL_connect:error in SSLv3 read finished A
read R BLOCK
SSL_connect:SSLv3 read finished A
read R BLOCK
---
Certificate chain
 0 s:/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
   i:/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
 1 s:/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=atgweb.localvm.com/emailAddress=sandeep_rohilla@agilent.com
   i:/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=atgweb.localvm.com/emailAddress=sandeep_rohilla@agilent.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvTCCAiYCCQDmbgmAHQHTpTANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCUN1cGVydGlubzEQMA4G
A1UEChMHQWdpbGVudDELMAkGA1UECxMCSVQxHzAdBgNVBAMTFnN0Z3d3dy5jb3Mu
YWdpbGVudC5jb20xKjAoBgkqhkiG9w0BCQEWG3NhbmRlZXBfcm9oaWxsYUBhZ2ls
ZW50LmNvbTAeFw0xNTA3MDgxNzM2MzZaFw0xNjA3MDcxNzM2MzZaMIGiMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJQ3VwZXJ0aW5v
MRAwDgYDVQQKEwdBZ2lsZW50MQswCQYDVQQLEwJJVDEfMB0GA1UEAxMWc3Rnd3d3
LmNvcy5hZ2lsZW50LmNvbTEqMCgGCSqGSIb3DQEJARYbc2FuZGVlcF9yb2hpbGxh
QGFnaWxlbnQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDET9X5cK3G
5Cgxz6RIo1irZAnqQQg2sMdDZ3nTyGLzOTNp90xhHp1+VC6ud5Hcivv2112+QCsA
MVVJIlkUs+bv7gyiPvviFOSyoi5KAiONkmyr5Vyy1XrVfsrCcF/JhYLltoghDl+Q
6ask51K3OUjVka6UrziAunuzgoR5QHavkQIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
ABJqn06X+nvN8gZo9e+ywZhUlyhJIkrYeSS3tEpnBS4PRGyHe2egZKeu1oOquI4w
Sf1toICVVusCoLnSEw1lScfNEYk4oVdmAZBKGV1dHS8dIM7/UIQuIoRQlBQ6DkJp
uq9NHIZrmM0j1Mrj5gxRx0Yqz8U/pYm3XuEAgy7KTmYz
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
issuer=/C=US/ST=California/L=Cupertino/O=Agilent/OU=IT/CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
---
No client certificate CA names sent
---
SSL handshake has read 2509 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: EE96B79CC47110B9A7B242691F1721DE77A3119F001CC88CE3B9BEFB4433D8D1
    Session-ID-ctx: 
    Master-Key: 30CB866077089FD7198DBD08EEAD9A98C58E43563A191FA2FA8E7A967963E4A614F53045C8528B0978ABD0285ACC41FE
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1436378586
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
[sandeep@atgweb logs]$ cd ..
[sandeep@atgweb apache2]$ cd bin
[sandeep@atgweb bin]$ sudo ./apachectl -version
Server version: Apache/2.2.29 (Unix)
Server built:   May 21 2015 21:05:01HTTPD-SSL.CONF文件
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512    
Listen 443
NameVirtualHost *:443
#   Some MIME-types for downloading Certificates and CRLs
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/usr/local/apache2/logs/ssl_mutex"
## SSL Virtual Host Context   
<VirtualHost _default_:443>
#   General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName xxxxx:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   SSL Protocol support:
SSLProtocol all -SSLv2
#   SSL Cipher Suite:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
#   Server Certificate:
SSLCertificateFile "/usr/local/apache2/conf/ssl.crt"
#   Server Private Key:
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl.key"
#   Server Certificate Chain:
SSLCertificateChainFile "/home/sandeep/sandeep.crt"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
#   Per-Server Logging:
CustomLog "/usr/local/apache2/logs/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLProxyEngine on
SSLProxyVerify none
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ProxyPass / http://www.google.com
ProxyPassReverse / http://www.google.com
</VirtualHost> 启用模块的
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule echo_module modules/mod_echo.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule charset_lite_module modules/mod_charset_lite.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so我非常感谢你在这方面的帮助。已经好几天了,我的头一直撞在墙上。如果我错过了一些基本的道歉,我也是新手。
发布于 2015-07-09 08:01:07
我在OS上使用pbpaste将来自s_client的PEM编码证书粘贴到剪贴板上(见下文)。您可以连接到openssl s_client -connect 192.168.244.129:443,但192.168.244.129是而不是,是主题的替代名称。
您需要修复服务器证书中的名称。若要为浏览器创建具有服务器名称的证书,请参见如何使用openssl创建自签名证书?。(不要担心自我签名和CSR --步骤是一样的)。
浏览器仍然可能拒绝自签名证书。答案讨论了为什么和如何修复它。
相关信息:
SSLProtocol all -SSLv2应该是SSLProtocol all -SSLv2 -SSLv3SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5应该是SSLCipherSuite HIGH:!aNULL:!MD5:!RC4。sha1WithRSAEncryption应该使用SHA256和2048位RSA模块。$ pbpaste | openssl x509 -text -noout
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 16604219322008720293 (0xe66e09801d01d3a5)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=California, L=Cupertino, O=Agilent, OU=IT, CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
        Validity
            Not Before: Jul  8 17:36:36 2015 GMT
            Not After : Jul  7 17:36:36 2016 GMT
        Subject: C=US, ST=California, L=Cupertino, O=Agilent, OU=IT, CN=stgwww.cos.agilent.com/emailAddress=sandeep_rohilla@agilent.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:c4:4f:d5:f9:70:ad:c6:e4:28:31:cf:a4:48:a3:
                    58:ab:64:09:ea:41:08:36:b0:c7:43:67:79:d3:c8:
                    62:f3:39:33:69:f7:4c:61:1e:9d:7e:54:2e:ae:77:
                    91:dc:8a:fb:f6:d7:5d:be:40:2b:00:31:55:49:22:
                    59:14:b3:e6:ef:ee:0c:a2:3e:fb:e2:14:e4:b2:a2:
                    2e:4a:02:23:8d:92:6c:ab:e5:5c:b2:d5:7a:d5:7e:
                    ca:c2:70:5f:c9:85:82:e5:b6:88:21:0e:5f:90:e9:
                    ab:24:e7:52:b7:39:48:d5:91:ae:94:af:38:80:ba:
                    7b:b3:82:84:79:40:76:af:91
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha1WithRSAEncryption
         12:6a:9f:4e:97:fa:7b:cd:f2:06:68:f5:ef:b2:c1:98:54:97:
         28:49:22:4a:d8:79:24:b7:b4:4a:67:05:2e:0f:44:6c:87:7b:
         67:a0:64:a7:ae:d6:83:aa:b8:8e:30:49:fd:6d:a0:80:95:56:
         eb:02:a0:b9:d2:13:0d:65:49:c7:cd:11:89:38:a1:57:66:01:
         90:4a:19:5d:5d:1d:2f:1d:20:ce:ff:50:84:2e:22:84:50:94:
         14:3a:0e:42:69:ba:af:4d:1c:86:6b:98:cd:23:d4:ca:e3:e6:
         0c:51:c7:46:2a:cf:c5:3f:a5:89:b7:5e:e1:00:83:2e:ca:4e:
         66:33https://stackoverflow.com/questions/31303077
复制相似问题