[root@redhat ~]# mkdir -pv /etc/ssl
mkdir: created directory `/etc/ssl'
[root@redhat ~]# mkdir -pv /etc/ssl/private
mkdir: created directory `/etc/ssl/private'
[root@redhat ~]# chmod og-rwx /etc/ssl/private/
[root@redhat ~]# mkdir -pv /etc/ssl/certs
mkdir: created directory `/etc/ssl/certs'
[root@redhat ~]# mkdir -pv /etc/ssl/crl
mkdir: created directory `/etc/ssl/crl'
[root@redhat ~]# mkdir -pv /etc/ssl/newcerts
mkdir: created directory `/etc/ssl/newcerts'
[root@redhat ~]# mv /usr/share/ssl/openssl.cnf /etc/ssl/
[root@redhat ~]# ln -sv /etc/ssl/openssl.cnf /usr/share/ssl/openssl.cnf
create symbolic link `/usr/share/ssl/openssl.cnf' to `/etc/ssl/openssl.cnf'
[root@redhat ~]# export OPENSSL_CONF="/etc/ssl/openssl.cnf"
[root@redhat ~]# echo "# OpenSSL Setting Locate" >> ~/.bashrc
[root@redhat ~]# echo "export OPENSSL_CONF=\"/etc/ssl/openssl.cnf\"" >> ~/.bashrc
[root@redhat ~]# openssl rand -out /etc/ssl/private/.rand 1024 ##制作随机数
[root@redhat ~]# chmod og-rwx /etc/ssl/private/.rand
[root@redhat ~]# vi /etc/ssl/openssl.cnf ##编辑配置文件
dir = /etc/ssl
[root@redhat ~]# openssl genrsa -des3 -out /etc/ssl/private/redhatroot.key 2048
Generating RSA private key, 2048 bit long modulus
..........+++
.....................................+++
e is 65537 (0x10001)
Enter pass phrase for /etc/ssl/private/redhatroot.key: ##这里提示输入密码
Verifying - Enter pass phrase for /etc/ssl/private/redhatroot.key:
[root@redhat ~]# chmod og-rwx /etc/ssl/private/redhatroot.key
[root@redhat ~]# openssl req -new -key /etc/ssl/private/redhatroot.key -out /tmp/redhatroot.req
Enter pass phrase for /etc/ssl/private/redhatroot.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:GD
Locality Name (eg, city) [Newbury]:Dong Guan
Organization Name (eg, company) [My Company Ltd]:none
Organizational Unit Name (eg, section) []:redhat
Common Name (eg, your name or your server's hostname) []:redhat
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@redhat ~]# openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf \
  -extensions v3_ca -signkey /etc/ssl/private/redhatroot.key -in /tmp/redhatroot.req \
  -out /etc/ssl/certs/redhatroot.crt
Signature ok
subject=/C=CN/ST=GD/L=Dong
Getting Private key
Enter pass phrase for /etc/ssl/private/redhatroot.key:
[root@redhat ~]# rm -f /tmp/redhatroot.req ##签完凭证,凭证申请书就不用了,可以删掉。
[root@redhat ~]# openssl genrsa -out /etc/ssl/private/myhost.key 2048
Generating RSA private key, 2048 bit long modulus
..................+++
.............................................................................................................+++
e is 65537 (0x10001)
[root@redhat ~]# chmod og-rwx /etc/ssl/private/myhost.key
[root@redhat ~]# openssl req -new -key /etc/ssl/private/myhost.key -out /tmp/myhost.req
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:GD
Locality Name (eg, city) [Newbury]:Dong Guan
Organization Name (eg, company) [My Company Ltd]:none
Organizational Unit Name (eg, section) []:www
Common Name (eg, your name or your server's hostname) []:redhat.test.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ##这里不要输入密码
An optional company name []:
[root@redhat ~]# openssl x509 -req -days 3650 -sha1 -extfile \
  /etc/ssl/openssl.cnf -extensions v3_req -CA /etc/ssl/certs/redhatroot.crt \
  -CAkey /etc/ssl/private/redhatroot.key -CAserial /etc/ssl/redhatroot.srl -CAcreateserial \
  -in /tmp/myhost.req -out /etc/ssl/certs/myhost.crt
Signature ok
subject=/C=CN/ST=GD/L=Dong
Getting CA Private Key
Enter pass phrase for /etc/ssl/private/redhatroot.key:
[root@redhat ~]# rm -f /tmp/myhost.req
[root@redhat ~]# vi /etc/httpd/httpd.conf
LoadModule ssl_module modules/mod_ssl.so ##启用这两行
Include /etc/httpd/extra/httpd-ssl.conf
#
#ServerName redhat.test.com ##注释这几行,如果有的话
#DocumentRoot /var/www/extsuite/extmail/html/
#ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
#Alias /extmail /var/www/extsuite/extmail/html
#ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
#Alias /extman /var/www/extsuite/extman/html
#SuexecUserGroup vmail vmail
#Alias /phpadmin /var/www/phpadmin
#
[root@redhat ~]# cp /etc/ssl/certs/myhost.crt /etc/httpd/server.crt
[root@redhat ~]# cp /etc/ssl/private/myhost.key /etc/httpd/server.key
Note: unlike the keys created above, the copied /etc/httpd/server.key is not given `chmod og-rwx` here; apply the same restriction to the copy as to the original private key.
[root@redhat ~]# vi /etc/httpd/extra/httpd-ssl.conf
# General setup for the virtual host
#DocumentRoot "/usr/local/httpd/htdocs"
#ServerName
#ServerAdmin
ServerName redhat.test.com:443
DocumentRoot /var/www/extsuite/extmail/html/
ScriptAlias /extmail/cgi /var/www/extsuite/extmail/cgi
Alias /extmail /var/www/extsuite/extmail/html
ScriptAlias /extman/cgi /var/www/extsuite/extman/cgi
Alias /extman /var/www/extsuite/extman/html
SuexecUserGroup vmail vmail
Alias /phpadmin /var/www/phpadmin
ErrorLog /usr/local/httpd/logs/error_log
TransferLog /usr/local/httpd/logs/access_log
# SSL Engine Switch:
[root@redhat ~]# /usr/local/httpd/bin/apachectl stop
[root@redhat ~]# /usr/local/httpd/bin/apachectl start