win7(64位)+apache(整合環境) 開啟openssl
阿新 • • 發佈:2019-01-10
6、apache中啟用ssl的相關配置
進入目錄apache/bin的目錄
1):生成金鑰
命令:openssl genrsa 1024 > server.key
2): 生成證書請求檔案
openssl req -config D:\Apache24\conf\openssl.cnf -new -key server.key > server.csr
下面的問題回答可以根據情況任意填寫
Country Name (2 letter code) [AU]:China
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [AU]:ca
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:haha
Organizational Unit Name (eg, section) []:haha
Common Name (e.g. server FQDN or YOUR name) []:test.example.com.cn
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1111
An optional company name []:haha
步驟3: 生成證書
openssl req -config D:\Apache24\conf\openssl.cnf -x509 -days 365 -key server.key -in server.csr > server.crt
openssl req -config D:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf -x509 -days 365 -key server.key -in server.csr > server.crt
把得到的server.key和server.crt檔案拷貝到apache的對應目錄 conf/
步驟4: 配置apache
修改httpd-ssl.conf檔案
注意在此檔案中配置證書和金鑰
SSLCertificateFile /apache/conf/server.crt
SSLCertificateKeyFile /apache/conf/server.key
虛擬機器設定
NameVirtualHost *:443 (此句根據情況新增,有的版本不需要)
<VirtualHost *:443>
…………
</VirtualHost>
步驟5: 修改httpd.conf檔案
1)開啟ssl模組
LoadModule ssl_module /opt/taobao/install/httpd/modules/mod_ssl.so
2)引入ssl配置檔案
Include conf/extra/httpd-ssl.conf
3)修改httpd-ssl.conf檔案中的
DocumentRoot
ServerName
4)如果你配置的虛擬機器,注意一下埠的訪問接受情況
NameVirtualHost *:80
<VirtualHost *:80>
…………
</VirtualHost>
5)啟用和socache相關的所有配置
6)重新啟動apache
用https方式訪問,檢視是否生效(新增例外)
注:如果無法啟動報錯,請在命令列執行下面的語句:
##檢查啟動報錯的問題:apache2.4是服務名稱
#cd apache安裝目錄/bin
#httpd.exe -w -n "apache2.4" -k start
根據報錯資訊進行修改
(如果需要CA證書)
進入目錄apache/bin的目錄
1):生成金鑰
命令:openssl genrsa 1024 > server.key
2): 生成證書請求檔案
openssl req -config D:\Apache24\conf\openssl.cnf -new -key server.key > server.csr
下面的問題回答可以根據情況任意填寫
Country Name (2 letter code) [AU]:China
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [AU]:ca
State or Province Name (full name) [Some-State]:bj
Locality Name (eg, city) []:beijing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:haha
Organizational Unit Name (eg, section) []:haha
Common Name (e.g. server FQDN or YOUR name) []:test.example.com.cn
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:1111
An optional company name []:haha
步驟3: 生成證書
openssl req -config D:\Apache24\conf\openssl.cnf -x509 -days 365 -key server.key -in server.csr > server.crt
openssl req -config D:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf -x509 -days 365 -key server.key -in server.csr > server.crt
把得到的server.key和server.crt檔案拷貝到apache的對應目錄 conf/
步驟4: 配置apache
修改httpd-ssl.conf檔案
注意在此檔案中配置證書和金鑰
SSLCertificateFile /apache/conf/server.crt
SSLCertificateKeyFile /apache/conf/server.key
虛擬機器設定
NameVirtualHost *:443 (此句根據情況新增,有的版本不需要)
<VirtualHost *:443>
…………
</VirtualHost>
步驟5: 修改httpd.conf檔案
1)開啟ssl模組
LoadModule ssl_module /opt/taobao/install/httpd/modules/mod_ssl.so
2)引入ssl配置檔案
Include conf/extra/httpd-ssl.conf
3)修改httpd-ssl.conf檔案中的
DocumentRoot
ServerName
4)如果你配置的虛擬機器,注意一下埠的訪問接受情況
NameVirtualHost *:80
<VirtualHost *:80>
…………
</VirtualHost>
5)啟用和socache相關的所有配置
6)重新啟動apache
用https方式訪問,檢視是否生效(新增例外)
注:如果無法啟動報錯,請在命令列執行下面的語句:
##檢查啟動報錯的問題:apache2.4是服務名稱
#cd apache安裝目錄/bin
#httpd.exe -w -n "apache2.4" -k start
根據報錯資訊進行修改
(如果需要CA證書)