Configuring HTTPS access support for Apache
2011-12-27 TsengYia#126.com http://tsengyia.blog.chinaunix.net/
##############################################################################
System environment:
RHEL 5.5 [2.6.18-192.el5]
Software environment:
openssl-0.9.8e-12.el5_4.6
openssl-devel-0.9.8e-12.el5_4.6
httpd-2.2.17.tar.gz
##############################################################################
I. The installed httpd must support ssl and rewrite
[root@localhost httpd-2.2.17]# ./configure --prefix=/usr/local/httpd --enable-so --enable-rewrite --enable-charset-lite --enable-cgi --with-ssl=/usr/lib --enable-ssl
[root@localhost httpd-2.2.17]# make
[root@localhost httpd-2.2.17]# make install
II. Prepare the SSL key and certificate files
1. Method one (the lazy way): directly use the localhost.key and localhost.crt files that ship with RHEL5
[root@localhost ~]# cd /etc/pki/tls/
[root@localhost tls]# cp certs/localhost.crt /usr/local/httpd/conf/server.crt
[root@localhost tls]# cp private/localhost.key /usr/local/httpd/conf/server.key
2. Method two: generate them manually with the openssl tool
1) Create the private key file server.key
[root@localhost ~]# cd /usr/local/httpd/conf/
[root@localhost conf]# openssl genrsa -out server.key 1024
[root@localhost conf]# chmod 600 server.key
2) Generate the certificate signing request file server.csr
[root@localhost conf]# openssl req -new -key server.key -out server.csr
3) Sign the request with the private key to create the certificate file server.crt
[root@localhost conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
[root@localhost conf]# ls -l server.*
-rw-r--r-- 1 root root 944 12-27 19:55 server.crt
-rw-r--r-- 1 root root 700 12-27 19:52 server.csr
-rw------- 1 root root 887 12-27 19:46 server.key
III. Adjust the httpd service configuration to add HTTPS support
1. Edit the httpd-ssl.conf file
[root@localhost ~]# vi /usr/local/httpd/conf/extra/httpd-ssl.conf
......
Listen 443
DocumentRoot "/usr/local/httpd/htdocs"
ServerName
......
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/httpd/conf/server.crt"
SSLCertificateKeyFile "/usr/local/httpd/conf/server.key"
......
2. Edit the httpd.conf file
[root@localhost ~]# vi /usr/local/httpd/conf/httpd.conf
......
Include conf/extra/httpd-ssl.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
# enable the rewrite engine and add the HTTP-to-HTTPS redirect rule
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}/ [R]
3. Restart the httpd service
[root@localhost ~]# /usr/local/httpd/bin/apachectl restart
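As an added example (not part of the original post), a small Python lint over the two configuration fragments above: it reports every weak cipher keyword (eNULL, aNULL, EXP, LOW, SSLv2, RC4, MD5) that the stock SSLCipherSuite string leaves unexcluded, checks that the certificate directives are present, and checks that the mod_rewrite redirect has a two-argument RewriteCond and an https:// RewriteRule carrying the R flag. The sample configs are constructed from the excerpts; function names are mine.

```python
import re

# Constructed samples mirroring the post's httpd-ssl.conf / httpd.conf excerpts.
SAMPLE_SSL_CONF = """\
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/usr/local/httpd/conf/server.crt"
SSLCertificateKeyFile "/usr/local/httpd/conf/server.key"
"""
SAMPLE_HTTPD_CONF = """\
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{SERVER_NAME}/ [R]
"""
# Cipher-list keywords a sane SSLCipherSuite must exclude explicitly ("!X").
WEAK = ("eNULL", "aNULL", "EXP", "LOW", "SSLv2", "RC4", "MD5")

def directives(text):
    """Return (name, args) pairs; blank lines and '#' comments are skipped."""
    out = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            out.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return out

def weak_cipher_tokens(cipher_list):
    """Weak keywords not removed with '!'. ALL already contains LOW/EXP/SSLv2/RC4/MD5
    and '+X' only reorders (it cannot add), so a list must say '!X' to pass."""
    excluded = {t[1:] for t in cipher_list.split(":") if t.startswith("!")}
    return [w for w in WEAK if w not in excluded]

def audit(ssl_conf, httpd_conf):
    """Return finding strings for both fragments; an empty list means pass."""
    findings, ssl = [], dict(directives(ssl_conf))
    if ssl.get("SSLEngine", "").lower() != "on":
        findings.append("SSLEngine is not on")
    for d in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if d not in ssl:
            findings.append(d + " missing")
    findings += ["SSLCipherSuite does not exclude " + t
                 for t in weak_cipher_tokens(ssl.get("SSLCipherSuite", ""))]
    rw = directives(httpd_conf)
    if not any(n == "RewriteCond" and len(a.split()) >= 2 for n, a in rw):
        findings.append("RewriteCond needs both a TestString and a CondPattern")
    # substitution must be an https:// URL and the rule must carry the R flag
    https_rule = re.compile(r"^\S+\s+https://\S+\s+\[R[^\]]*\]$")
    if not any(n == "RewriteRule" and https_rule.match(a) for n, a in rw):
        findings.append("no well-formed HTTP->HTTPS RewriteRule")
    return findings
```

Running `audit(SAMPLE_SSL_CONF, SAMPLE_HTTPD_CONF)` on the post's fragments yields only cipher findings; replacing the cipher string with something like `HIGH:!aNULL:!eNULL:!EXP:!LOW:!SSLv2:!RC4:!MD5` makes the audit pass.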
IV. Access test
Direct access:
Indirect access: , the browser follows the server-side configuration and is automatically redirected to
##############################################################################