rpm -q mod_ssl
首先要确认已经安装了这个包。
# cd /etc/httpd/conf //进入apache配置文件存放目录
# rm -f ssl.*/server.* //将mod_ssl自动安装的相关证书和签名文件删除
# openssl genrsa -des3 1024 > ssl.key/server.key //生成私钥文件(Private Key)该文件要求输入口令
# openssl rsa -in ssl.key/server.key -out ssl.key/server.key //如果不想使用口令可以去掉,这时会要求输入生成时设置的口令
# openssl req -new -key ssl.key/server.key -out ssl.csr/server.csr //生成证书签名请求文件(Certificate Signing Request)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CH //输入国家名称
State or Province Name (full name) [Berkshire]:BeiJing //省名
Locality Name (eg, city) [Newbury]:Beijing //城市
Organization Name (eg, company) [My Company Ltd]:XHCE //组织名称
Organizational Unit Name (eg, section) []:BJXH //单位名称
Common Name (eg, your name or your server's hostname) []:svn.xxx.com //根据具体情况填写,不要写错
Email Address []:weisheng213@126.com //邮箱
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //质询密码,可以不写
An optional company name []: //可以不写
# openssl x509 -in ssl.csr/server.csr -out ssl.crt/server.crt -req -signkey ssl.key/server.key -days 365 //让服务器自己当证书签名服务器,安全电子商务中需要向第三方商业机构申请
Signature ok
subject=/C=CH/ST=BeiJing/L=Beijing/O=XHCE/OU=BJXH/CN=http://yuan2.blog.51cto.com/emailAddress=weisheng213@126.com
Getting Private key
# vi ../conf.d/ssl.conf //编辑mod_ssl的主配置文件将
#DocumentRoot "/var/www/html" //前面的#号去掉
# service httpd restart //重启apache服务器以读取新的证书信息
阅读(1224) | 评论(0) | 转发(0) |
