SSL设置
来源:互联网 发布:淘宝评价回复怎么匿名 编辑:程序博客网 时间:2024/05/20 05:07
※[]里的内容自行修正
1.创建密码文件夹
# cd /etc/apache2
# mkdir ssl.crt
# mkdir ssl.key
# mkdir tmp
2.CA密码
# cd tmp
# openssl genrsa -rand /var/adm/messages -out ca.key 1024
※/.profileのPATH里面必须加上 /usr/sfw/bin
3.生成CSR(CA的署名)
# openssl req -new -key ca.key -out ca.csr
Country Name (2 letter code) [US]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:orgName
Organizational Unit Name (eg, section) []:unitName
Common Name (eg, YOUR name) []:userName
Email Address []:example@example.com
A challenge password []:
An optional company name []:
4.CA证明书发行
# openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt
5.服务器密码
# openssl genrsa -rand /var/adm/messages -out server.key 1024
6.生成CSR(服务器的署名)
# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [US]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:orgName
Organizational Unit Name (eg, section) []:unitName
Common Name (eg, YOUR name) []:userName
Email Address []:example@example.com
A challenge password []:
An optional company name []:
7.证明书时效(1年)
# echo 01 > ca.srl
# openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAserial ca.srl -in server.csr -out server.crt
8.复制到/etc/apache2下面
# cp server.crt /etc/apache2/ssl.crt
# cp server.key /etc/apache2/ssl.key
9.httpd/ssl设定为TRUE
# svccfg -s apache2
svc:/network/http:apache2> setprop httpd/ssl = boolean: true
svc:/network/http:apache2> end
# svcadm refresh apache2
# svcprop -p httpd/ssl apache2
true
10.编辑ssl.conf
如果ssl.conf文件不存在,则如下复制
# cp /etc/apache2/ssl-std.conf /etc/apache2/ssl.conf
编辑/etc/apache2/ssl.conf
修改:
DocumentRoot "[DocumentRoot]"
<Directory "[DocumentRoot]">
# mkdir /var/run/apache2
# chmod -R 777 /var/run/apache2
11.重启apache2
# svcadm restart apache2
1.创建密码文件夹
# cd /etc/apache2
# mkdir ssl.crt
# mkdir ssl.key
# mkdir tmp
2.CA密码
# cd tmp
# openssl genrsa -rand /var/adm/messages -out ca.key 1024
※/.profileのPATH里面必须加上 /usr/sfw/bin
3.生成CSR(CA的署名)
# openssl req -new -key ca.key -out ca.csr
Country Name (2 letter code) [US]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:orgName
Organizational Unit Name (eg, section) []:unitName
Common Name (eg, YOUR name) []:userName
Email Address []:example@example.com
A challenge password []:
An optional company name []:
4.CA证明书发行
# openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt
5.服务器密码
# openssl genrsa -rand /var/adm/messages -out server.key 1024
6.生成CSR(服务器的署名)
# openssl req -new -key server.key -out server.csr
Country Name (2 letter code) [US]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Unconfigured OpenSSL Installation]:orgName
Organizational Unit Name (eg, section) []:unitName
Common Name (eg, YOUR name) []:userName
Email Address []:example@example.com
A challenge password []:
An optional company name []:
7.证明书时效(1年)
# echo 01 > ca.srl
# openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAserial ca.srl -in server.csr -out server.crt
8.复制到/etc/apache2下面
# cp server.crt /etc/apache2/ssl.crt
# cp server.key /etc/apache2/ssl.key
9.httpd/ssl设定为TRUE
# svccfg -s apache2
svc:/network/http:apache2> setprop httpd/ssl = boolean: true
svc:/network/http:apache2> end
# svcadm refresh apache2
# svcprop -p httpd/ssl apache2
true
10.编辑ssl.conf
如果ssl.conf文件不存在,则如下复制
# cp /etc/apache2/ssl-std.conf /etc/apache2/ssl.conf
编辑/etc/apache2/ssl.conf
修改:
DocumentRoot "[DocumentRoot]"
<Directory "[DocumentRoot]">
# mkdir /var/run/apache2
# chmod -R 777 /var/run/apache2
11.重启apache2
# svcadm restart apache2
- SSL设置
- SSL+IIS设置概要
- SSL+IIS设置概要
- SSL+IIS设置概要
- SSL+IIS设置概要
- BuildForge只设置SSL
- SOAPUI SSL 设置
- tomcat https ssl设置
- SOAPUI SSL 设置
- SSL P1364 医院设置
- 设置APACHE支持SSL
- 医院设置-SSL 1614
- tomcat设置SSL访问
- 设置vnc使用ssl
- ssl在tomcat中的设置
- IIS设置SSL加密站点
- FTP设置SSL安全加密
- javamail设置SSL发送邮件
- Android学习笔记 - Intent篇
- Attaching the script debugger to process *** failed on machine "***"
- IOS开发UI展示之UITableView ──分页加载
- AIX 5挂载Linux NFS失败处理-vmount operation not permitted
- ArCGIS API for Silverlight 实现闪烁标注功能
- SSL设置
- PHP创建与解析XML
- Android学习笔记 - Activity生命周期篇
- workthread 和 UIthread
- find语句
- ArcGIS 10.1 for Server修改计算机名称后,如何使Server工作起来
- svn常用命令
- SQL中如何查找存在某字段的存储过程
- vmware 虚拟机挂载不了共享文件夹的解决方法
