Enabling SSL support in Apache
Environment:
Red Hat 9
Apache 2.0.54
Apache configure options:
./configure --prefix=/usr/local/apache2 --with-layout=apache --enable-module=so --enable-module=setenvif --enable-module=rewrite --with-mpm=prefork --enable-ssl
List the modules compiled into Apache:
# bin/httpd -l
Compiled in modules:
core.c
mod_access.c
mod_auth.c
mod_include.c
mod_log_config.c
mod_env.c
mod_setenvif.c
mod_ssl.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
Check whether OpenSSL is installed on the system:
# rpm -qa|grep openssl
openssl-0.9.7a-2
openssl-devel-0.9.7a-2
Generate the certificate files
Create an RSA private key named server.key:
# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
............++++++
............++++++
e is 65537 (0x10001)
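Use server.key to generate a certificate signing request (CSR):
# openssl req -new -key server.key -out server.csr
Country Name: two-letter country code
State or Province Name: name of the province
Locality Name: name of the city
Organization Name: name of the company
Organizational Unit Name: name of the department
Common Name: your name (for a server certificate, the server's host name)
Email Address: e-mail address
Nothing needs to be entered for the 'extra' attributes.
This generates the server.csr file; keep it in a safe place.
Generate the certificate (CRT) file server.crt:
# openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
Copy them to Apache's conf directory.
For security, change their permissions:
# chmod 400 server.*
Check the virtual host settings: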
# ../bin/apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80 dummy-host.example.com (/usr/local/apache22/conf/extra/httpd-vhosts.conf:27)
*:81 dummy-host2.example.com (/usr/local/apache22/conf/extra/httpd-vhosts.conf:36)
_default_:443 www.example.com (/usr/local/apache22/conf/extra/httpd-ssl.conf:74)
Syntax OK
Restart Apache.
Check whether port 443 is being listened on:
# netstat -an|grep 443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
Clients can now access the server over https.
============= Reference
FreeBSD Apache HTTPS configuration
1. Enable startup at boot
#echo 'apache2_enable="YES"' >> /etc/rc.conf
#echo 'apache22ssl_enable="YES"' >> /etc/rc.conf
2. Edit
/usr/local/etc/apache22/httpd.conf
Add SSL support at the very end:
Include etc/apache22/extra/httpd-ssl.conf
Then edit:
/usr/local/etc/apache22/extra/httpd-ssl.conf
Change the virtual host paths:
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/www/test"
ServerName www.test.com:443
ServerAdmin test@test.com
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
and set the following two locations to the paths where you store the certificate and key:
SSLCertificateFile "/usr/local/etc/apache22/ssl.crt/server.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl.key/server.key"
3. Configure mod_ssl and generate the certificate
#openssl genrsa -des3 -out server.key 1024
#openssl rsa -in server.key -out server.key (*removes the passphrase from the key, so that you are not prompted for it at system startup)
#openssl req -new -key server.key -out server.csr
#openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
#mkdir /usr/local/etc/apache22/ssl.key
#mkdir /usr/local/etc/apache22/ssl.crt
#chmod 0700 /usr/local/etc/apache22/ssl.key
#chmod 0700 /usr/local/etc/apache22/ssl.crt
#cp ~/server.key /usr/local/etc/apache22/ssl.key/
#cp ~/server.crt /usr/local/etc/apache22/ssl.crt/
#chmod 0400 /usr/local/etc/apache22/ssl.key/server.key
#chmod 0400 /usr/local/etc/apache22/ssl.crt/server.crt
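4. Start the server; setup is complete. When accessing the server, enter https://domain name (or IP); the browser pops up a window for installing the server certificate, which shows that the server now supports SSL.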
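
The shell functions below are an added example, not part of the original page. They read the SSLCertificateFile and SSLCertificateKeyFile paths from an httpd-ssl.conf like the one above, check that both files exist, that the key is closed to group and other, and that the certificate matches the key, and warn when the RSA key is shorter than 2048 bits (the genrsa commands above create 1024-bit keys). The function names are hypothetical; the code assumes an RSA key without a passphrase and absolute paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumes an RSA key without a passphrase and absolute, space-free paths.

# Print the path given to a directive such as SSLCertificateFile in a config file.
ssl_path() {  # usage: ssl_path DIRECTIVE CONF
    awk -v d="$1" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Succeed only if FILE exists and grants nothing to group/other (e.g. mode 0400).
key_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in ????------*) return 0 ;; *) return 1 ;; esac
}

# Succeed only if the certificate and the private key share the same RSA modulus.
pair_matches() {  # usage: pair_matches CERT KEY
    cm=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    km=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$cm" ] && [ "$cm" = "$km" ]
}

# Print the RSA key size in bits, derived from the length of the hex modulus.
rsa_bits() {
    m=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

# Audit the pair named in CONF: print findings, return non-zero on any FAIL.
audit_ssl_conf() {
    crt=$(ssl_path SSLCertificateFile "$1")
    key=$(ssl_path SSLCertificateKeyFile "$1")
    rc=0
    [ -f "$crt" ] || { echo "FAIL: certificate not found: $crt"; rc=1; }
    key_is_private "$key" || { echo "FAIL: key missing or open to group/other: $key"; rc=1; }
    if command -v openssl >/dev/null 2>&1 && [ -f "$crt" ] && [ -f "$key" ]; then
        pair_matches "$crt" "$key" || { echo "FAIL: certificate does not match key"; rc=1; }
        bits=$(rsa_bits "$key") || bits=0
        [ "$bits" -ge 2048 ] || echo "WARN: RSA key is $bits bits, below 2048"
    fi
    return $rc
}
# Usage after sourcing this file: audit_ssl_conf /usr/local/etc/apache22/extra/httpd-ssl.conf
```

A FAIL on the certificate path means the file named in the configuration is not where the certificate was actually copied.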