{"id":47370,"date":"2023-04-28T09:58:38","date_gmt":"2023-04-28T01:58:38","guid":{"rendered":"http:\/\/lrxjmw.cn\/?p=47370"},"modified":"2023-04-28T09:58:38","modified_gmt":"2023-04-28T01:58:38","slug":"apache-virtual-host","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/apache-virtual-host.html","title":{"rendered":"Apache \u914d\u7f6ehttps\u865a\u62df\u4e3b\u673a"},"content":{"rendered":"
\r\n# cd \/usr\/local\/src\/tarbag\r\n# wget http:\/\/labs.renren.com\/apache-mirror\/\/httpd\/httpd-2.2.21.tar.gz\r\n# tar xzvf httpd-2.2.21.tar.gz -C ..\/software\r\n# cd ..\/software\/httpd-2.2.21\r\n# .\/configure --prefix=\/usr\/local\/apache --enable-so --enable-ssl --enable-rewrite --enable-headers --with-mpm=worker --enable-expires --enable-suexec --with-suexec-docroot=\/data\/www --enable-mods-shared=all\r\n# make && make install\r\n# rm -rf \/etc\/init.d\/httpd\r\n# cp \/usr\/local\/apache\/bin\/apachectl \/etc\/init.d\/httpd\r\n# sed -i '2c#chkconfig: 35 85 15' \/etc\/init.d\/httpd\r\n# sed -i '3c#description: apache' \/etc\/init.d\/httpd\r\n# chmod +x \/etc\/init.d\/httpd\r\n# chkconfig --add httpd\r\n# chkconfig httpd on\r\n# rm -rf \/sbin\/apachectl\r\n# ln -s \/usr\/local\/apache\/bin\/apachectl \/sbin<\/pre>\n\u4e8c\u3001\u751f\u6210\u8bc1\u4e66<\/strong><\/div>\n1\u3001\u751f\u6210\u8bc1\u4e66\u5b58\u653e\u76ee\u5f55<\/strong><\/span><\/div>\n\u5b89\u88c5\u597dapache\u540e\uff0c\u7b2c\u4e00\u65f6\u95f4\u751f\u6210\u8bc1\u4e66\uff0c\u5728\u751f\u6210\u8bc1\u4e66\u4e4b\u524d\u5148\u51c6\u5907\u751f\u6210\u4e00\u4e2a\u8bc1\u4e66\u5b58\u653e\u7684\u76ee\u5f55<\/p>\n
\r\n# cd \/usr\/local\/apache\/conf\r\n# mkdir ssl.key\r\n# cd ssl.key\/<\/pre>\n2\u3001\u52063\u6b65\u751f\u6210\u670d\u52a1\u5668\u7b7e\u540d\u7684\u8bc1\u4e66<\/strong><\/span><\/div>\nstep.1<\/p>\n
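\u9996\u5148\u8981\u751f\u6210\u670d\u52a1\u5668\u7aef\u7684\u79c1\u94a5(key\u6587\u4ef6)\u30021024\u4f4d\u7684RSA\u5bc6\u94a5\u5df2\u4e0d\u5b89\u5168\uff0c\u5efa\u8bae\u5c06\u547d\u4ee4\u4e2d\u76841024\u6539\u4e3a2048<\/p>\n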
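\r\n# openssl genrsa -des3 -out server.key 1024<\/pre>\n\u8fd0\u884c\u65f6\u4f1a\u63d0\u793a\u8f93\u5165\u5bc6\u7801,\u6b64\u5bc6\u7801\u7528\u4e8e\u52a0\u5bc6key\u6587\u4ef6\uff0c\u53bb\u9664key\u6587\u4ef6\u53e3\u4ee4\u7684\u547d\u4ee4: openssl rsa -in server.key -out server.key\uff08\u53bb\u9664\u53e3\u4ee4\u540e\u79c1\u94a5\u6587\u4ef6\u4e0d\u52a0\u5bc6\u5b58\u653e\uff09\u3002genrsa\u7684\u63d0\u793a\u5982\u4e0b:<\/p>\n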
\r\n....................... \r\n................................................. \r\ne is 65537 (0x10001)\r\nEnter pass phrase for server.key:\r\nVerifying - Enter pass phrase for server.key:<\/pre>\nstep.2<\/p>\n
\u751f\u6210Certificate Signing Request\uff08CSR\uff09,\u751f\u6210\u7684csr\u6587\u4ef6\u4ea4\u7ed9CA\u7b7e\u540d\u540e\u5f62\u6210\u670d\u52a1\u7aef\u81ea\u5df1\u7684\u8bc1\u4e66.\u5c4f\u5e55\u4e0a\u5c06\u6709\u63d0\u793a,\u4f9d\u7167\u5176\u6307\u793a\u4e00\u6b65\u4e00\u6b65\u8f93\u5165\u8981\u6c42\u7684\u4e2a\u4eba\u4fe1\u606f\u5373\u53ef.<\/p>\n
\r\n# openssl req -new -key server.key -out server.csr<\/pre>\n\u770b\u5230\u5982\u4e0b\u63d0\u793a\uff0c\u5e76\u6309\u7167\u63d0\u793a\u8f93\u5165\u76f8\u5173\u4fe1\u606f\u5373\u53ef\u751f\u6210csr\u6587\u4ef6<\/p>\n
\r\nEnter pass phrase for server.key:\r\nYou are about to be asked to enter information that will be incorporated\r\ninto your certificate request.\r\nWhat you are about to enter is what is called a Distinguished Name or a DN.\r\nThere are quite a few fields but you can leave some blank\r\nFor some fields there will be a default value,\r\nIf you enter '.', the field will be left blank.\r\n-----\r\nCountry Name (2 letter code) [GB]:CN\r\nState or Province Name (full name) [Berkshire]:FJ\r\nLocality Name (eg, city) [Newbury]:FZ\r\nOrganization Name (eg, company) [My Company Ltd]:company\r\nOrganizational Unit Name (eg, section) []:company\r\nCommon Name (eg, your name or your server's hostname) []:ty\r\nEmail Address []:ty@company.com\r\n\r\nPlease enter the following 'extra' attributes\r\nto be sent with your certificate request\r\nA challenge password []:company\r\nAn optional company name []:company<\/pre>\n\u5982\u679c\u8981\u751f\u6210\u5ba2\u6237\u7aef\u8bc1\u4e66\uff0c\u90a3\u4e48\u5bf9\u5ba2\u6237\u7aef\u4e5f\u4f5c\u540c\u6837\u7684\u547d\u4ee4\u751f\u6210key\u53cacsr\u6587\u4ef6:<\/p>\n
openssl genrsa -des3 -out client.key 1024
\r\nopenssl req -new -key client.key -out client.csr -config openssl.cnf<\/pre>\n<\/p>\n\u8fd9\u91cc\u5c31\u4e0d\u505a\u6f14\u793a\u4e86\uff0c\u6709\u5174\u8da3\u7684\u670b\u53cb\u53ef\u4ee5\u53bb\u5c1d\u8bd5\u4e0b\u3002<\/p>\n
step.3<\/p>\n
CSR\u6587\u4ef6\u5fc5\u987b\u6709CA\u7684\u7b7e\u540d\u624d\u53ef\u5f62\u6210\u8bc1\u4e66.\u53ef\u5c06\u6b64\u6587\u4ef6\u53d1\u9001\u5230verisign\u7b49\u5730\u65b9\u7531\u5b83\u9a8c\u8bc1,\u4e5f\u53ef\u4ee5\u7528\u81ea\u5df1\u7684\u79c1\u94a5\u7b7e\u540d,\u751f\u6210\u81ea\u7b7e\u540d\u8bc1\u4e66(\u6d4f\u89c8\u5668\u8bbf\u95ee\u65f6\u4f1a\u63d0\u793a\u8bc1\u4e66\u4e0d\u5b89\u5168).<\/p>\n
\r\n# openssl x509 -req -in server.csr -signkey server.key -out server.cert<\/pre>\n\u770b\u5230\u5982\u4e0b\u63d0\u793a\uff0c\u8f93\u5165\u5bc6\u7801\uff0c\u5373\u53ef\u5b8c\u6210<\/p>\n
\r\nSignature ok\r\nsubject=\/C=CN\/ST=FJ\/L=FZ\/O=poppace\/OU=poppace\/CN=ty\/emailAddress=ty@poppace.com\r\nGetting Private key\r\nEnter pass phrase for server.key:<\/pre>\n\u4e3a\u4e86\u5b89\u5168\u8d77\u89c1\u8981\u5c06\u8bc1\u4e66\u76f8\u5173\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\u964d\u5230\u6700\u4f4e<\/p>\n
\r\n# chmod 400 *<\/pre>\n\u8bc1\u4e66\u751f\u6210\u5b8c\u6bd5\uff0c\u63a5\u4e0b\u6765\u53ef\u4ee5\u914d\u7f6eapache\u4e86\u3002<\/p>\n
\u4e09\u3001\u914d\u7f6eapache<\/strong><\/div>\n1\u3001\u5728httpd.conf\u4e2d\u6253\u5f00vhosts\u548cssl\u7684\u914d\u7f6e\u6587\u4ef6<\/strong><\/span><\/div>\n\r\n# vi \/usr\/local\/apache\/conf\/httpd.conf<\/pre>\n\u6253\u5f00vhosts\u914d\u7f6e\uff0c\u8df3\u8f6c\u5230447\u884c\u548c459\u884c\uff0c\u53d6\u6d88\u6389Include conf\/extra\/httpd-vhosts.conf\u548cInclude conf\/extra\/httpd-ssl.conf\u4e4b\u524d\u7684\u6ce8\u91ca<\/p>\n
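2\u3001\u914d\u7f6evhosts<\/strong><\/span><\/div>\n\r\n# vi \/usr\/local\/apache\/conf\/extra\/httpd-vhosts.conf<\/pre>\n\u7279\u522b\u9700\u8981\u6ce8\u610f443\u6bb5\u7684\u914d\u7f6e\uff0c\u53ef\u5728httpd-ssl.conf\u4e2d\u627e\u5230\u76f8\u5173\u8bf4\u660e\u3002\u5176\u4e2dSSLCipherSuite\u4e00\u884c\u6709LOW\u3001SSLv2\u3001EXP\u3001eNULL\u7b49\u4e0d\u5b89\u5168\u7684\u914d\u7f6e\uff0c\u8981\u53bb\u6389<\/p>\n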
\r\nNameVirtualHost *:80\r\nNameVirtualHost *:443\r\n\r\n<VirtualHost *:80>\r\nDocumentRoot \"\/data\/www\/\"\r\nServerName 192.168.1.201\r\n<Directory \/data\/www\/>\r\nOrder allow,deny\r\nAllow from all\r\nOptions -Indexes FollowSymLinks\r\nAllowOverride All\r\n<\/Directory>\r\n<\/VirtualHost>\r\n\r\n<VirtualHost *:443>\r\nDocumentRoot \"\/data\/www\/\"\r\nServerName 192.168.1.201:443\r\nSSLEngine on\r\nSSLCipherSuite ALL:!ADH:!EXPORT56:RC4 RSA: HIGH: MEDIUM: LOW: SSLv2: EXP: eNULL\r\nSSLCertificateFile \"\/usr\/local\/apache\/conf\/ssl.key\/server.cert\"\r\nSSLCertificateKeyFile \"\/usr\/local\/apache\/conf\/ssl.key\/server.key\"\r\n<FilesMatch \".(cgi|shtml|phtml|php)$\">\r\nSSLOptions StdEnvVars\r\n<\/FilesMatch>\r\n<Directory \/data\/www\/>\r\nOrder allow,deny\r\nAllow from all\r\nOptions -Indexes FollowSymLinks\r\nAllowOverride All\r\n<\/Directory>\r\nBrowserMatch \".*MSIE.*\" \r\nnokeepalive ssl-unclean-shutdown \r\ndowngrade-1.0 force-response-1.0\r\n<\/VirtualHost><\/pre>\n3\u3001\u4fee\u6539httpd-ssl.conf\u7684\u76f8\u5173\u914d\u7f6e<\/strong><\/span><\/div>\n\r\n# vi \/usr\/local\/apache\/conf\/extra\/httpd-ssl.conf<\/pre>\n\u641c\u7d22SSLCertificateFile<\/p>\n
\u5e76\u5c06\uff1a\uff0899\u884c\uff09SSLCertificateFile \"\/usr\/local\/apache\/conf\/server.crt\"
\r\n\u6539\u4e3a\uff1aSSLCertificateFile \"\/usr\/local\/apache\/conf\/ssl.key\/server.cert\"
\r\n<\/pre>\n<\/p>\n\u641c\u7d22SSLCertificateKeyFile<\/p>\n
\u5e76\u5c06\uff1a\uff08107\u884c\uff09SSLCertificateKeyFile \"\/usr\/local\/apache\/conf\/server.key\"
\r\n\u6539\u4e3a\uff1aSSLCertificateKeyFile \"\/usr\/local\/apache\/conf\/ssl.key\/server.key\"<\/pre>\n<\/p>\n4\u3001\u91cd\u542fapache<\/strong><\/span><\/div>\n\r\n# service httpd start\r\nApache\/2.2.21 mod_ssl\/2.2.21 (Pass Phrase Dialog)\r\nSome of your private key files are encrypted for security reasons.\r\nIn order to read them you have to provide the pass phrases.\r\n\r\nServer www.example.com:443 (RSA)\r\nEnter pass phrase:\r\n\r\nOK: Pass Phrase Dialog successful.<\/pre>\n\u73b0\u5728\u7528\u6d4f\u89c8\u5668\u8bbf\u95ee\u4e0bhttps:\/\/192.168.1.201\uff0c\u5373\u5927\u544a\u5927\u529f\u3002<\/p>\n
\n\u539f\u6587\u6765\u81ea\uff1ahttp:\/\/www.ttlsa.com\/apache\/apache-2-https\/<\/a><\/p>\n