centos6.8+apache+https的简单搭建
很多理论知识这里就不提了,如果要深入了解建议先去了解下理论再来看会很容易看懂,下面直接操了。环境:
CentOS release 6.8 (Final)
apache-2.4.25
1、查看现有apache是否有编译安装过ssl模块
/usr/local/apache/bin/apachectl-l 2、没有的话需要添加ssl模块,apache是以嵌入的方式添加模块的
/usr/local/apache/bin/apxs-i -c -a -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl
/usr/local/apache/bin/apxs -c -i mod_ssl.c
/usr/local/apache/bin/apxs -c -i mod_ssl.lo
ll /usr/local/apache/modules | grep ssl 3、开启ssl扩展功能
sed -i 's/\#Include conf\/extra\/httpd-ssl.conf/Include conf\/extra\/httpd-ssl.conf/' /usr/local/apache/conf/httpd.conf
sed -n '140p' /usr/local/apache/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so 4、生成不可信任额证书,公钥加密,私钥解密。私钥加密,公钥解密
生成服务器私钥
openssl genrsa-des3 -out server.key 2048 生成服务器证书请求,并按照要求填写相关证书信息
openssl req -new -key server.key -out server.csr 签证:
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt 5、修改虚拟主机
sed -n '22,33p' /usr/local/apache/conf/extra/httpd-vhosts.conf
#
ServerAdmin 1009422178@qq.com
DocumentRoot "/var/www/html"
ServerName www.www.fangqiweb.org
ServerAlias www.fangqi.web.org
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/server.key
ErrorLog "logs/error/www-error_log"
CustomLog "|/usr/local/sbin/cronolog /service/apache/logs/access/www-%Y%m%d_log" combined
6、添加监听端口
sed -i '53a\Listen 443' httpd.conf
7、检查语法,重启apache
/usr/local/apache/bin/apachectl-t
/usr/local/apache/bin/apachectlrestart
8、测试访问
9、如果访问不了
防火墙是否允许了https通过
vhost配置文件是否配置错误
apache的主配置文件是否有错误,或者缺少vhost里的目录位置信息
apache的监听端口是否开启
apache是否有正确添加ssl模块
常见错误:
/usr/local/apache/bin/apachectl-t
httpd: Syntax error on line 141 of /usr/local/apache-2.4.25/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: /usr/local/apache-2.4.25/modules/mod_ssl.so: undefined symbol: ssl_cmd_SSLPassPhraseDialog
解决:
/usr/local/apache/bin/apxs -a -i -c -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl
页:
[1]