Configuring SSL on Apache
2016-03-18 17:10
1: Configure Apache to support SSL
Open Apache's configuration file conf/httpd.conf and remove the leading # from the following two lines:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
Then edit the following two directives in httpd-ssl.conf:
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
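2: Generate the certificate and private key files for the web server
# Generate the server's private key (use at least 2048 bits for RSA)
openssl genrsa -out server.key 2048
# Generate the certificate signing request (CSR)
openssl req -new -out server.csr -key server.key -config /etc/pki/tls/openssl.cnf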
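3: Sign the web server's certificate with a CA
# Generate the CA private key (use at least 2048 bits for RSA)
openssl genrsa -out ca.key 2048
# Use the CA private key to create the CA's self-signed certificate
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt -config /etc/pki/tls/openssl.cnf
# Note: the Common Name must be the server's domain name
# Have the CA sign the web server's certificate
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /etc/pki/tls/openssl.cnf
At this point the following error appears: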
Using configuration from /etc/pki/tls/openssl.cnf
/etc/pki/CA/index.txt: No such file or directory
unable to open '/etc/pki/CA/index.txt'
140131066963784:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/pki/CA/index.txt','r')
140131066963784:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
The message says a file is missing, so create an empty one:
touch /etc/pki/CA/index.txt
Run the command again:
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /etc/pki/tls/openssl.cnf
This time an error about /etc/pki/CA/serial appears.
Again a file is missing; create one whose content is 01:
echo '01' > /etc/pki/CA/serial
Run it once more:
openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config /etc/pki/tls/openssl.cnf
Now it completes without problems.
4: Put the two files server.crt and server.key in Apache's conf directory and restart Apache
5: Edit httpd-vhost.conf to enable HTTPS access on port 443
<VirtualHost *:443>
    ServerAdmin devel@localhost
    ServerName 10.14.2.217
    ProxyPass /hw/ ajp://10.14.2.217:8009/hw/
    ProxyPassReverse /hw/ ajp://10.14.2.217:8009/hw/
    ProxyPass /public_files/ ajp://10.14.2.217:8009/public_files/
    ProxyPassReverse /public_files/ ajp://10.14.2.217:8009/public_files/
    <Location /home/devel/tomcat/webapps/public_files>
        Order allow,deny
        Allow from all
    </Location>
    SSLEngine on
    SSLCertificateKeyFile /usr/local/apache2/conf/server.key
    SSLCertificateFile /usr/local/apache2/conf/server.crt
    ErrorLog logs/217-error.log
    CustomLog logs/217-access.log common
</VirtualHost>
Of course, you can also add an entry that is served over HTTP on port 80.
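The key, CSR and CA-signing sequence from steps 2 and 3, as an added example that is not part of the original post: it runs in a scratch directory with its own minimal config instead of /etc/pki/CA, then checks that the issued certificate chains to ca.crt and matches server.key. The directory layout, the config contents, the subject names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the page's CA workflow in a scratch directory instead of /etc/pki/CA.
# Directory layout, subject names and this minimal config are constructed for illustration.
write_ca_config() {                       # $1 = scratch directory
    mkdir -p "$1/newcerts"
    cat > "$1/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints   = critical,CA:TRUE
[ ca ]
default_ca         = CA_default
[ CA_default ]
database           = $1/index.txt
serial             = $1/serial
new_certs_dir      = $1/newcerts
default_md         = sha256
default_days       = 365
policy             = policy_cn
[ policy_cn ]
commonName         = supplied
EOF
}
init_ca_db() {                            # the two files `openssl ca` reported missing
    : > "$1/index.txt"                    # empty database of issued certificates
    echo 01 > "$1/serial"                 # next serial number, hexadecimal
}
make_keys_and_csr() {                     # CA key + self-signed CA cert, server key + CSR
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 3650 -key "$1/ca.key" -out "$1/ca.crt" \
        -subj "/CN=Example Test CA" -config "$1/ca.cnf" &&
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/CN=www.example.test" -config "$1/ca.cnf"
}
sign_csr() {                              # same `openssl ca` call as the page, non-interactive
    openssl ca -batch -notext -in "$1/server.csr" -out "$1/server.crt" \
        -cert "$1/ca.crt" -keyfile "$1/ca.key" -config "$1/ca.cnf" 2>/dev/null
}
verify_issued_cert() {                    # chain verifies AND certificate matches server.key
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$1/server.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/server.key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}
# Usage: d=$(mktemp -d); write_ca_config "$d"; init_ca_db "$d"; make_keys_and_csr "$d"; sign_csr "$d" && verify_issued_cert "$d"
```

Calling sign_csr before init_ca_db reproduces the missing index.txt failure shown above; after a successful signing the serial file advances to 02 and index.txt holds one entry.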