Implementing HTTPS with Linux + Apache2 + OpenSSL

Install OpenSSL first, then compile and install Apache, and finally configure the certificate.

1. Download Apache and OpenSSL from: http://www.apache.org http://www.openssl.org

2. Unpack:

    # tar zxvf httpd-2.0.54.tar.gz
    # tar zxvf openssl-0.9.7g.tar.gz

3. Compile and install OpenSSL. This package is mainly used to generate the certificate:

    # cd openssl-0.9.7g
    # ./config
    # make
    # make test
    # make install

Link openssl into /usr/local/bin, a directory on the PATH, so that it can be run from any directory:

    # cd /usr/local/bin
    # ln -s /usr/local/ssl/bin/openssl openssl

4. Compile and install Apache:

    # cd /opt/httpd-2.0.54
    # ./configure --prefix="/opt/apache2" --enable-so --enable-ssl --with-ssl="/usr/local/ssl/bin"
    # make
    # make install

5. With the installation complete, generate the certificate. Create an ssl.key directory under /opt/apache2/conf:

    # cd ../apache2/
    # cd conf/
    # mkdir ssl.key

Then generate the certificate in that directory:

    # cd ssl.key/

Generate the server private key:

    # openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    …………………..++++++
    ………………………………………….++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:

Generate the server certificate request, filling in the certificate information as prompted:

    # openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:tyl
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
    Organizational Unit Name (eg, div) []:tz
    Common Name (eg, YOUR name) []:tyl
    Email Address []:tangyl@ruyi.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Sign the certificate (self-signed with the server key):

    # openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.cert
    Signature ok
    subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/emailAddress=tangyl@ruyi.com
    Getting Private key
    Enter pass phrase for server.key:

For security, set the permissions of these files to 400:

    # chmod 400 server.key
    # chmod 400 server.cert

Finally, edit /opt/apache2/conf/ssl.conf:

    # vi /opt/apache2/conf/ssl.conf

The places to change are as follows.

Line 108:

    #SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt
    SSLCertificateFile /opt/apache2/conf/ssl.key/server.cert
    #SSLCertificateFile /opt/apache2/conf/ssl.crt/server-dsa.crt

Line 116:

    SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key
    #SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server-dsa.key

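SSL is now basically configured. Next, start Apache with SSL enabled:

    # /opt/apache2/bin/apachectl startssl

You are then prompted for the pass phrase of the server key; once it is entered correctly, SSL starts together with Apache.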

Enter the following in the browser: https://210.75.18.36

You will be asked to download the certificate; click OK. That's it, all done. It really is that simple.
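
Before starting Apache, it helps to confirm that server.cert and server.key really belong together and that the key is still mode 400. The script below is an added example, not part of the original article: make_pair repeats the genrsa, req and x509 steps non-interactively and check_pair runs the checks. The function names, the KEYPASS environment variable and the 2048-bit key size are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article).
# KEYPASS (assumed environment variable) holds the pass phrase for server.key.
# If it is unset, check_pair lets openssl prompt on the terminal instead.

# make_pair DIR CN: the genrsa / req / x509 steps above, run non-interactively.
# KEYPASS must be exported. 2048 bits is this example's choice of key size.
make_pair() {
    mkdir -p "$1" && (
        cd "$1" && umask 077 &&
        openssl genrsa -des3 -passout env:KEYPASS -out server.key 2048 2>/dev/null &&
        openssl req -new -key server.key -passin env:KEYPASS \
            -subj "/CN=$2" -out server.csr &&
        openssl x509 -req -days 700 -in server.csr -signkey server.key \
            -passin env:KEYPASS -out server.cert 2>/dev/null &&
        chmod 400 server.key server.cert
    )
}

# check_pair CERT KEY
# Returns 0 = usable, 1 = key does not match certificate, 2 = file unreadable
# or wrong pass phrase, 3 = key mode is not 400, 4 = expires within a day.
check_pair() {
    cert=$1 key=$2
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout \
        ${KEYPASS+-passin env:KEYPASS} 2>/dev/null) || return 2
    # Both commands print the same PEM public key when the files belong together.
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 1
    # The steps above set mode 400; anything else is flagged.
    case $(ls -ld "$key") in
        -r--------*) ;;
        *) return 3 ;;
    esac
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null 2>&1 || return 4
    return 0
}

# Usage: sh check_pair.sh server.cert server.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A non-zero result from check_pair means Apache should not be pointed at the pair until the cause is fixed.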

References: http://www.szlangxing.com/Article/gyw/200504/524.html http://www.chinaunix.net/jh/13/469276.html

Keytool usage example:

1. Generate a keystore:

    keytool -genkey -alias myssl -keyalg RSA -keystore myssl.jks

Running this command produces the following prompts:

    Enter keystore password: yourpassword (enter the keystore password)
    What is your first and last name? [Unknown]: www.myssl.cn (enter the domain name the certificate is requested for)
    What is the name of your organizational unit? [Unknown]: Fastcom (enter the name of your organizational unit)
    What is the name of your organization? [Unknown]: Fastcom (enter the name of your organization)
    What is the name of your City or Locality? [Unknown]: Shanghai (enter the name of your city)
    What is the name of your State or Province? [Unknown]: Shanghai (enter the name of your province)
    What is the two-letter country code for this unit? [Unknown]: CN (enter the country code; for China, enter CN)
    Is CN=www.myssl.cn, OU=fastcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN correct? [no]:yes
