Apache 2.2.21: installation and HTTPS configuration, with virtual host setup
2014-03-23 00:00
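Environment: CentOS 5.7 + Apache 2.2.21
Purpose: a web server that serves HTTPS
Related articles:
http://djxailc.blog.sohu.com/56732044.html
http://greatdeer007.blog.163.com/blog/static/163665174201051232022335/
http://www.sxszjzx.com/~t096/phparticle/article.php/845
Note: there are far too many misleading articles online these days, so the material here was filtered, tested and organized before being published. If you have any questions, contact tonyty163@ttlsa.com
Author: 滕云

I. Installing Apache 2.2.21 with SSL

1. Before installing Apache, check that openssl is installed with yum list "*openssl*". If it is not, install it with yum.
2. Install Apache. There is plenty of documentation online; the build options below are the ones specific to SSL.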
# cd /usr/local/src/tarbag
# wget http://labs.renren.com/apache-mirror//httpd/httpd-2.2.21.tar.gz
# tar xzvf httpd-2.2.21.tar.gz -C ../software
# cd ../software/httpd-2.2.21
# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-headers --with-mpm=worker --enable-expires --enable-suexec --with-suexec-docroot=/data/www --enable-mods-shared=all
# make && make install
# rm -rf /etc/init.d/httpd
# cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
# sed -i '2c\#chkconfig: 35 85 15' /etc/init.d/httpd
# sed -i '3c\#description: apache' /etc/init.d/httpd
# chmod +x /etc/init.d/httpd
# chkconfig --add httpd
# chkconfig httpd on
# rm -rf /sbin/apachectl
# ln -s /usr/local/apache/bin/apachectl /sbin

II. Generating the certificate

1. Once Apache is installed, generate the certificate right away. Before generating it, create a directory to hold the certificate files.
# cd /usr/local/apache/conf
# mkdir ssl.key
# cd ssl.key/

2. Generate a certificate signed by the server itself, in three steps

Step 1. First generate the server's private key (the key file)
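# openssl genrsa -des3 -out server.key 1024

You will be prompted for a passphrase while the command runs; this passphrase is used to encrypt the key file.

.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

Command to remove the passphrase from the key file:

Step 2. Generate the Certificate Signing Request (CSR). Once the CSR file has been signed by a CA, it becomes the server's own certificate. Prompts will appear on screen; follow them step by step and enter the requested information.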
# openssl req -new -key server.key -out server.csr

You will see the following prompts; enter the requested information to generate the CSR.
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:FJ
Locality Name (eg, city) [Newbury]:FZ
Organization Name (eg, company) [My Company Ltd]:company
Organizational Unit Name (eg, section) []:company
Common Name (eg, your name or your server's hostname) []:ty
Email Address []:ty@company.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:company
An optional company name []:company

To generate a client certificate as well, run the same commands for the client to produce its key and CSR files:

openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cnf

This is not demonstrated here; interested readers can try it themselves.

Step 3. The CSR file must be signed by a CA before it becomes a certificate. You can send the file to VeriSign or a similar authority to have it validated. To generate it yourself:
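# openssl x509 -req -in server.csr -signkey server.key -out server.cert

You will see the following output; enter the passphrase to finish. Without a -days option, openssl x509 issues a certificate valid for 30 days; add -days N for a longer period.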
Signature ok
subject=/C=CN/ST=FJ/L=FZ/O=poppace/OU=poppace/CN=ty/emailAddress=ty@poppace.com
Getting Private key
Enter pass phrase for server.key:

For security, reduce the access permissions on the certificate files to the minimum.
# chmod 400 *

The certificate is now generated; next, configure Apache.

III. Configuring Apache

1. Enable the vhosts and SSL configuration files in httpd.conf
# vi /usr/local/apache/conf/httpd.conf

Enable the vhosts configuration: go to lines 447 and 459 and remove the comment marker in front of Include conf/extra/httpd-vhosts.conf and Include conf/extra/httpd-ssl.conf.

2. Configure vhosts
# vi /usr/local/apache/conf/extra/httpd-vhosts.conf

Pay particular attention to the configuration of the 443 block; the relevant explanations can be found in httpd-ssl.conf.
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    DocumentRoot "/data/www/"
    ServerName 192.168.1.201
    <Directory /data/www/>
        Order allow,deny
        Allow from all
        Options -Indexes FollowSymLinks
        AllowOverride All
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/data/www/"
    ServerName 192.168.1.201:443
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"
    SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /data/www/>
        Order allow,deny
        Allow from all
        Options -Indexes FollowSymLinks
        AllowOverride All
    </Directory>
    BrowserMatch ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
</VirtualHost>

3. Modify the relevant settings in httpd-ssl.conf
# vi /usr/local/apache/conf/extra/httpd-ssl.conf

Search for SSLCertificateFile and change (line 99):
    SSLCertificateFile "/usr/local/apache/conf/server.crt"
to:
    SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"
Note: the file generated in this article does not use the .crt extension, so be sure to change the extension to cert.

Search for SSLCertificateKeyFile and change (line 107):
    SSLCertificateKeyFile "/usr/local/apache/conf/server.key"
to:
    SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"

4. Restart Apache
# service httpd start
Apache/2.2.21 mod_ssl/2.2.21 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.

Now open https://192.168.1.201 in a browser; if the page loads as shown below, the setup is complete.

[Figure: the HTTPS page]

When reposting, please credit the source: http://www.ttlsa.com/html/654.html
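A check to run on the files from section II before restarting Apache, added here as an example and not part of the original article: it confirms that the certificate was issued for the private key, flags RSA keys shorter than 2048 bits (such as the 1024-bit key generated above), and verifies the permissions set by chmod 400. The name check_pair, the 2048-bit floor and the use of GNU stat are assumptions of this example.

```sh
# Added example: pre-restart check of a key/certificate pair.
# check_pair is a hypothetical name; the 2048-bit floor is this example's choice.
check_pair() {   # usage: check_pair KEY CERT [PASSIN]   e.g. PASSIN=file:/root/pass
    key=$1; cert=$2; passin=${3:-}; rc=0

    # The same RSA modulus on both sides means the certificate belongs to this key.
    kmod=$(openssl rsa -noout -modulus -in "$key" ${passin:+-passin "$passin"}) || kmod=
    cmod=$(openssl x509 -noout -modulus -in "$cert") || cmod=
    if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "FAIL: $cert does not match $key"; rc=1
    fi

    # Key size is read from the certificate, so no passphrase is needed here.
    bits=$(openssl x509 -noout -text -in "$cert" |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "WARN: ${bits:-unknown}-bit RSA key, below 2048"; rc=1; }

    # A mode ending in 00 means group and other have no access at all.
    mode=$(stat -c '%a' "$key")
    case $mode in
        *00) ;;
        *)   echo "FAIL: $key has mode $mode, accessible beyond its owner"; rc=1 ;;
    esac

    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null ||
        { echo "FAIL: $cert has expired"; rc=1; }
    return $rc
}

# Runs only when paths are given, e.g. sh check.sh server.key server.cert
if [ $# -ge 2 ]; then check_pair "$@"; fi
```

With the passphrase-protected server.key from Step 1, openssl prompts for the passphrase unless a third argument in openssl's pass-phrase syntax is supplied.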
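An added example (not from the original article) that audits the SSL directives of the 443 virtual host in section III. Run against the SSLCipherSuite string used above, it lists the tokens that keep SSLv2, export, low-strength, null and RC4 suites enabled, and it passes a restricted configuration shown for comparison. The function names and the restricted settings are assumptions of this example, and the token matching is a heuristic, not OpenSSL's own cipher-list evaluation.

```sh
# Added example: heuristic audit of mod_ssl directives. All names are hypothetical.
audit_ssl_conf() {   # usage: audit_ssl_conf [FILE]; reads stdin when FILE is omitted
    awk '
    BEGIN { weak = "^(SSLv2|EXP|EXPORT[0-9]*|LOW|eNULL|aNULL|NULL|ADH|RC4|MD5|DES)$" }
    tolower($1) == "sslciphersuite" {
        gsub(/"/, "", $2); hits = ""
        n = split($2, tok, ":")
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^[!-]/) continue        # token removes suites
            m = split(tok[i], part, "[+]")        # covers "+LOW" and "RC4+RSA"
            for (j = 1; j <= m; j++)
                if (part[j] ~ weak) { hits = hits " " tok[i]; break }
        }
        if (hits != "") { print "line " NR ": SSLCipherSuite keeps weak tokens:" hits; bad++ }
    }
    tolower($1) == "sslprotocol" {
        seen = 1; v2 = 0; v3 = 0
        for (i = 2; i <= NF; i++) {
            p = tolower($i)
            if (p == "all") { v2 = 1; v3 = 1 }
            if (p ~ /^[+]?sslv2$/) v2 = 1
            if (p ~ /^[+]?sslv3$/) v3 = 1
            if (p == "-sslv2") v2 = 0
            if (p == "-sslv3") v3 = 0
        }
        if (v2 || v3) { print "line " NR ": SSLProtocol leaves SSLv2/SSLv3 enabled"; bad++ }
    }
    END {
        if (!seen) { print "no SSLProtocol directive: the server default applies"; bad++ }
        exit (bad > 0)
    }' "$@"
}
sample_weak() {       # cipher line of the 443 virtual host shown in the article
    cat <<'EOF'
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
EOF
}
sample_hardened() {   # constructed for comparison, not from the article
    cat <<'EOF'
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
EOF
}
sample_weak | audit_ssl_conf || true
sample_hardened | audit_ssl_conf && echo "hardened sample: no findings"
```

For the exact list of suites a string enables on a given host, pass the string to openssl ciphers -v.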