xyzjr 发表于 2018-11-28 13:03:54

Apache+ssl实现方式

  env:
  os:Centos4.8 final
  apache: httpd-2.0.64.tar.gz
  Openssl: openssl-0.9.7e.tar
  
  1 install openssl
  #tar vxfz openssl-0.9.7e.tar.gz
  #cd openssl-0.9.7e
  #./config --prefix=/usr/local/ssl
  #make
  #make install
  
  2 install apache
  
  #tar vzvf httpd-2.0.54.tar.gz
  #cd httpd-2.0.54
  #./configure --prefix=/usr/local/apache --enable-so –enable-rewrite --enable-ssl=static --with-ssl=/usr/local/ssl --enable-mods-shared=all
  #make
  #make install
  
  3 make a CA
  #mkdir /usr/local/apache/conf/ssl.crt   (create )
  #mkdir /usr/local/apache/conf/ssl.key
  #openssl req -new -out server.csr (Establish third-party fair)
  Generating a 1024 bit RSA private key
  ..............................................................................++++++
  ...........++++++
  writing new private key to 'privkey.pem'
  Enter PEM pass phrase:insert a password
  Verifying - Enter PEM pass phrase:reinsert a password
  -----
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Name (2 letter code) :CN
  State or Province Name (full name) :ZheJiang
  Locality Name (eg, city) :HangZhou
  Organization Name (eg, company) :gdnotepad
  Organizational Unit Name (eg, section) []:
  Common Name (eg, your name or your server's hostname) []:192.168.1.212(register name)
  Email Address []:gdnoteapd@163.com(registerE-mail)
  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []:
  An optional company name []:
  
  
  #openssl rsa -in privkey.pem -out server.key  
  
  #openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
  
  # mv server.crt /usr/local/apache/conf/ssl.crt
  # mv server.key /usr/local/apache/conf/ssl.key
  
  4 edit ssl.conf
  vim /usr/local/apache/conf/ssl.conf
  Listen 443 => Listen 0.0.0.0:443
  
  5 start ssl web service
  /usr/local/apache/bin/apachectl startssl

页: [1]
查看完整版本: Apache+ssl实现方式