1、首先要确认安装了 mod_ssl模块
我的机器是centos是系统,执行下面命令
yum install -y mod_ssl
2、用openssl工具生成密钥,证书请求文件,证书
在/usr/local/httpd目下,执行以下命令。
2.1生成密钥
openssl genrsa 1024 > server.key
说明:这是用128位rsa算法生成密钥,得到server.key文件
2.2生成证书请求文件
openssl req -new -out server.csr
说明:这是用步骤1的密钥生成证书请求文件server.csr, 这一步提很多问题,一一输入
2.3生成证书
命令:openssl req -x509 -days 365 -key server.key -in server.csr > server.crt
说明:这是用步骤1,2的的密钥和证书请求生成证书server.crt,-days参数指明证书有效期,单位为天
3、 配置apache
修改httpd.conf
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
修改httpd-ssl.conf
添加虚拟主机:
Listen 443NameVirtualHost *:443<VirtualHost *:443>
# General setup for the virtual hostDocumentRoot "/usr/local/httpd/htdocs/ssl"ServerName ssl.baishiz.com:443ServerAdmin you@example.comErrorLog "/usr/local/httpd/logs/error_log"TransferLog "/usr/local/httpd/logs/access_log"
SSLEngine onSSLPRotocol all -SSLv2SSLCipherSuite HIGH:MEDIUM:!aNULL:!md5
SSLCertificateFile "/usr/local/httpd/server.crt"SSLCertificateKeyFile "/usr/local/httpd/server.key"
<FilesMatch "/.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars</FilesMatch><Directory "/usr/local/httpd/cgi-bin"> SSLOptions +StdEnvVars</Directory>BrowserMatch "MSIE [2-5]" / nokeepalive ssl-unclean-shutdown / downgrade-1.0 force-response-1.0CustomLog "/usr/local/httpd/logs/ssl_request_log" / "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x /"%r/" %b"
</VirtualHost>
新闻热点
疑难解答
