Configuring an HTTPS Virtual Host in Apache
Source: Internet  Editor: 程序博客网  Time: 2024/06/06 20:08
# cd /usr/local/src/tarbag
# wget http://labs.renren.com/apache-mirror//httpd/httpd-2.2.21.tar.gz
# tar xzvf httpd-2.2.21.tar.gz -C ../software
# cd ../software/httpd-2.2.21
# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl --enable-rewrite --enable-headers --with-mpm=worker --enable-expires --enable-suexec --with-suexec-docroot=/data/www --enable-mods-shared=all
# make && make install
# rm -rf /etc/init.d/httpd
# cp /usr/local/apache/bin/apachectl /etc/init.d/httpd
# sed -i '2c#chkconfig: 35 85 15' /etc/init.d/httpd
# sed -i '3c#description: apache' /etc/init.d/httpd
# chmod +x /etc/init.d/httpd
# chkconfig --add httpd
# chkconfig httpd on
# rm -rf /sbin/apachectl
# ln -s /usr/local/apache/bin/apachectl /sbin
Once Apache is installed, generate the certificate right away. Before generating it, create a directory to hold the certificate files.
# cd /usr/local/apache/conf
# mkdir ssl.key
# cd ssl.key/
step.1
First, generate the server's private key (the key file).
# openssl genrsa -des3 -out server.key 1024
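When run, the command prompts for a passphrase, which is used to encrypt the key file. The command to remove the passphrase from the key file: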
.......................
.................................................
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
step.2
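Generate a Certificate Signing Request (CSR). The resulting csr file is handed to a CA, whose signature turns it into the server's own certificate. Prompts appear on screen; follow them step by step and enter the requested information.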
# openssl req -new -key server.key -out server.csr
You will see the prompts below; enter the requested information to generate the CSR.
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:FJ
Locality Name (eg, city) [Newbury]:FZ
Organization Name (eg, company) [My Company Ltd]:company
Organizational Unit Name (eg, section) []:company
Common Name (eg, your name or your server's hostname) []:ty
Email Address []:ty@company.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:company
An optional company name []:company
To create a client certificate, run the same commands for the client to generate its key and csr files:
openssl genrsa -des3 -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cnf
This is not demonstrated here; interested readers can try it themselves.
step.3
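A CSR file must be signed by a CA before it becomes a certificate. You can send the file to VeriSign or a similar CA to have it verified, or generate the certificate yourself: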
# openssl x509 -req -in server.csr -signkey server.key -out server.cert
You will see the output below; enter the passphrase to finish.
Signature ok
subject=/C=CN/ST=FJ/L=FZ/O=poppace/OU=poppace/CN=ty/emailAddress=ty@poppace.com
Getting Private key
Enter pass phrase for server.key:
For security, reduce the access permissions on the certificate-related files to the minimum.
# chmod 400 *
The certificate is now generated; next, configure Apache.
# vi /usr/local/apache/conf/httpd.conf
Enable the vhosts configuration: go to lines 447 and 459 and remove the comment marker in front of Include conf/extra/httpd-vhosts.conf and Include conf/extra/httpd-ssl.conf.
# vi /usr/local/apache/conf/extra/httpd-vhosts.conf
Pay particular attention to the configuration of the 443 section; the relevant explanations can be found in httpd-ssl.conf.
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    DocumentRoot "/data/www/"
    ServerName 192.168.1.201
    <Directory /data/www/>
        Order allow,deny
        Allow from all
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot "/data/www/"
    ServerName 192.168.1.201:443
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"
    SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /data/www/>
        Order allow,deny
        Allow from all
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
    BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
# vi /usr/local/apache/conf/extra/httpd-ssl.conf
Search for SSLCertificateFile
and change (line 99): SSLCertificateFile "/usr/local/apache/conf/server.crt"
to: SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"
Search for SSLCertificateKeyFile
and change (line 107): SSLCertificateKeyFile "/usr/local/apache/conf/server.key"
to: SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"
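Added example, not part of the original article: the cipher string in the *:443 virtual host above starts from ALL and removes only anonymous DH and 56-bit export suites, so LOW, SSLv2 and 40-bit export suites stay negotiable wherever the OpenSSL build still provides them. Below is a tightened version of the same virtual host, reusing the article's paths; the SSLProtocol, SSLHonorCipherOrder and replacement SSLCipherSuite lines are this example's choices, not the author's.

```apache
# Added example for comparison; not taken from the original article.
<VirtualHost *:443>
    DocumentRoot "/data/www/"
    ServerName 192.168.1.201:443
    SSLEngine on

    # Before (weak): begins with ALL and strips only anonymous DH and 56-bit
    # export suites. The remaining tokens add or reorder suites; none of them
    # removes anything.
    #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # After: disable the SSLv2 and SSLv3 protocols outright. Which TLS versions
    # remain depends on the httpd and OpenSSL build in use.
    SSLProtocol all -SSLv2 -SSLv3

    # Strong suites only; explicitly exclude unauthenticated, unencrypted,
    # export-grade, low-strength, MD5, RC4 and 3DES suites.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4:!3DES

    # Use the server's preference order rather than the client's.
    SSLHonorCipherOrder on

    # Same certificate and key paths as in the article. The 1024-bit RSA key
    # from step.1 is below the 2048-bit minimum that public CAs and current
    # browsers accept; generate the key with 2048 bits or more.
    SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"
    SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"

    <Directory /data/www/>
        Order allow,deny
        Allow from all
        Options -Indexes +FollowSymLinks
        AllowOverride All
    </Directory>
</VirtualHost>
```

Running apachectl configtest after the edit checks the syntax before the server is restarted.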
# service httpd start
Apache/2.2.21 mod_ssl/2.2.21 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.example.com:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
Now open https://192.168.1.201 in a browser, and the job is done.
Original article: http://www.linuxprobe.com/apache-virtual-host.html