Chinaunix首页 | 论坛 | 博客
  • 博客访问: 180497
  • 博文数量: 55
  • 博客积分: 207
  • 博客等级: 入伍新兵
  • 技术积分: 320
  • 用 户 组: 普通用户
  • 注册时间: 2010-04-23 19:33
文章分类
文章存档

2012年(53)

2011年(2)

分类:

2012-06-21 14:36:53

原文地址:apache下https的配置! 作者:qingheliu

安装apache
1:安装apr
cd /home/liuxiaojie/httpd-2.2.15/srclib/apr
mkdir -p /usr/local/apache2/apr
./configure  --prefix=/usr/local/apache2/apr
make
make install
2:安装apr-util
cd /home/liuxiaojie/httpd-2.2.15/srclib/apr-util
mkdir -p /usr/local/apache2/apr-util
./confiugre  --with-apr=/usr/local/apache2/apr/bin/apr-1-config --prefix=/usr/local/apache2/apr-util
3:安装apache
./configure --with-apr=/usr/local/apache2/apr/bin/apr-1-config  --with-apr-util=/usr/local/apache2/apr-util/bin/apu-1-config   --enable-so  --enable-rewrite --enable-ssl --prefix=/opt/apache2
make
make install
 
即可安装!
下面是生成证书和修改配置的阶段!
cd /opt/apache2/conf
mkdir ssl ssl.key ssl.crt

  1. [root@ungeoxliu conf]# openssl req -new -out server.csr
  2. Generating a 1024 bit RSA private key
  3. .....
  4. .....
  5. writing new private key to 'privkey.pem'
  6. Enter PEM pass phrase:
  7. Verifying - Enter PEM pass phrase:
  8. -----
  9. You are about to be asked to enter information that will be incorporated
  10. into your certificate request.
  11. What you are about to enter is what is called a Distinguished Name or a DN.
  12. There are quite a few fields but you can leave some blank
  13. For some fields there will be a default value,
  14. If you enter '.', the field will be left blank.
  15. -----
  16. Country Name (2 letter code) [GB]:CN
  17. State or Province Name (full name) [Berkshire]:SuZhou
  18. Locality Name (eg, city) [Newbury]:SuZhou
  19. Organization Name (eg, company) [My Company Ltd]:ungeo
  20. Organizational Unit Name (eg, section) []:ungeo
  21. Common Name (eg, your name or your server's hostname) []:ungeo.com
  22. Email Address []:helloabc@yahoo.com.cn
  23. Please enter the following 'extra' attributes
  24. to be sent with your certificate request
  25. A challenge password []:1234
  26. An optional company name []:ungeo
  27. [root@ungeoxliu conf]# ll server.csr
即可显示server.csr!
 
[root@ungeoxliu conf]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...................
.................
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@ungeoxliu conf]# ls server.key
server.key
 [root@ungeoxliu conf]# cat server.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,37C22FE1C78F25E0
uO 2IbS6jJhTVaKTm875Lk33LnDDNWvC/fJw3vdzyHJdiMVHiluzEqgNXLryPrZy
sAQRFl7pK1zgo2 yN/rp0WdP/aWd1PMePmHNbBBqL4Lwk11cSuQlrA8SO6YQNaJ8
jCEi2L0TlGhnuFyaArIDCzTnVI7HoH3ZUqMaPr8n3KTOVxtBfRp574/udjfAl9yR
arsJoGs9akTJpLF7LPmfk8WQaVkTxxmUP2QcbJAya1VRyPbCfAb1dVEmNMP/i3Zb
jAh2FEB8fQB4YoYHjIfbRzMeY9j f4lvJ RgFiPMn0Ly8zQG/upg7S7TZKuvHTKV
hILPvheqCEV50PA2p9BNbHc6rLmkzvVoysthGrabHd/qGd78R3h439WJYt5rdZGf
oDyPXFzzpWeZAuzq p3kKKHENYp bZj8S2tKWodH5TFwTnL89ooT0k0tzEkz/wCJ
Xzfk5FitFDYYlViQipBWsd22ixGX5DXxEfTZk3H5s3hv1RKNY2e35H9QcJ9/3yz/
AooMDpufnbGFeOU 9TQxV5ZtKCavlB2myqPnPTzUYRL9AJ7ac6YSXMciWDclFWfF
zesUgqDQUy / l8MMldVqjO7wmZBDbo3Gd1 C wvjA xpGR3 6C61ZZxcXuxcRSf
2yCkvrVkIHwSmVUpOj Mgd7MHCQrLAsWB3WTysQhYABTCMUr8KrBnbB9xUijHC86
DazvK2nev9z0Z5gJ/YBeVz5kjzo9v7cQsg/jmSGw72rVuQaEJ6qLiuSfkFlSUyCf
HBBuM8SSknOS1uXHbSsfckl0dR7wGpuyDQmO K/aNGUNDqV5cY60bg==
-----END RSA PRIVATE KEY-----
[root@ungeoxliu conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok

Getting Private key
 
 
修改配置文件的相关内容:
 
[root@ungeoxliu extra]# pwd
/opt/apache2/conf/extra
[root@ungeoxliu extra]# ls
httpd-autoindex.conf  httpd-info.conf       httpd-mpm.conf                 httpd-userdir.conf
httpd-dav.conf        httpd-languages.conf  httpd-multilang-errordoc.conf  httpd-vhosts.conf
httpd-default.conf    httpd-manual.conf     httpd-ssl.conf
[root@ungeoxliu extra]# cat httpd-ssl.conf  | grep SSLCertificateFile
#   Point SSLCertificateFile at a PEM encoded certificate.  If
SSLCertificateFile "/opt/apache2/conf/ssl.crt/server.crt"
#SSLCertificateFile "/opt/apache2/conf/server-dsa.crt"
#   the referenced file can be the same as SSLCertificateFile
[root@ungeoxliu extra]# cat httpd-ssl.conf  | grep  SSLCertificateKeyFile
SSLCertificateKeyFile "/opt/apache2/conf/ssl.key/server.key"
#SSLCertificateKeyFile "/opt/apache2/conf/server-dsa.key"
[root@ungeoxliu conf]# cat httpd.conf  | grep ssl
Include conf/extra/httpd-ssl.conf ##将Include前的#去掉即可!
 
修改相关参数:
#   General setup for the virtual host
DocumentRoot /usr/vhome/a/b/c/abc.com/www
 
  Order deny,allow
  Allow from all
 >  ##红色字体部分必须添加,否则就会出现403权限的问题!
ServerName
ServerAdmin
ErrorLog "/opt/apache2/logs/error_log"
TransferLog "/opt/apache2/logs/access_log"
......
 
在C:\Windows\System32\drivers\etc下编辑hosts文件
添加如下记录:
192.168.1.107   ###107为Apache Server 的ip
 
 
 
 
阅读(8894) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~