Chinaunix首页 | 论坛 | 博客
  • 博客访问: 368711
  • 博文数量: 100
  • 博客积分: 1894
  • 博客等级: 上尉
  • 技术积分: 951
  • 用 户 组: 普通用户
  • 注册时间: 2007-12-11 23:17
文章分类

全部博文(100)

文章存档

2018年(3)

2014年(2)

2013年(7)

2012年(10)

2011年(8)

2010年(6)

2009年(63)

2008年(1)

分类: LINUX

2010-08-30 20:16:02

apache2.0 https

首先安装SSL,再编译安装APACHE,再配置证书即可

1.下载apache和openssl
网址:

     
2.解压
#tar zxvf httpd-2.0.54.tar.gz
#tar zxvf openssl-0.9.7g.tar.gz
3.编译安装openssl,这个软件主要是用来生成证书:
#cd openssl-0.9.7g
#./config
#make
#make test
#make install
把openssl放进内核目录下,使其在任何目录下都能运行。
#cd /usr/local/bin
#ln -s /usr/local/ssl/bin/openssl openssl
4.编译安装apache
#cd /opt/httpd-2.0.54
#./configure --prefix="/opt/apache2" --enable-so --enable-ssl --with-ssl="/usr/local/ssl/bin"
#make
#make install
5.安装完毕,生成证书:
在/opt/apache2/conf下建立一个ssl.key目录
#cd ../apache2/
#cd conf/
#mkdir ssl.key
然后在该目录下生成证书:
#cd ssl.key/
生成服务器私钥:
#openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
生成服务器证书请求,并按要求填些相关证书信息:
#openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:tangyl@ruyi.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
签证:
# openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.crt
Signature ok

Getting Private key
Enter pass phrase for server.key:
为了安全,然后我们把这些文件的权限都设为400
chmod 400 server.key
chmod 400 server.cert

最后对/opt/apache2/conf/ssl.conf 进行修改:

vi /opt/apache2/conf/ssl.conf
修改的地方如下几处:
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt #108行
SSLCertificateFile /opt/apache2/conf/ssl.key/server.cert
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server-dsa.crt

SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key   #116行
#SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server-dsa.key

这样我们就基本配好了ssl现在我们来让apache启动ssl

/opt/apache2/bin/apachectl start

然后要求输入证书密码,正确输入后ssl就连同apache一起启动


在浏览器中输入:

要求下载证书,OK~好了~结束~就是这么简单。

参考:
        

阅读(1726) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~