apache2自簽名證書開啟ssl
阿新 • • 發佈:2019-01-24
生成私鑰檔案(需要輸入密碼)
openssl genrsa -des3 -out apache.key 1024
防止APACHE啟動 讀取私鑰檔案也需要輸入密碼 去除密碼輸入
openssl rsa -in apache.key -out apache.key
用私鑰 生成證書
openssl req -new -key apache.key -out apache.csr
建立根證書
openssl req -new -x509 -keyout ca.key -out ca.crt
使用根證書對生成的證書進行簽名
防止報錯 先建立一些目錄和檔案
mkdir -p demoCA/newCerts
touch demoCA/index.txt
echo "01">demoCA/serial
簽名
openssl ca -in apache.csr -out apache.crt -cert ca.crt -keyfile ca.key
自此 生成了證書所需的檔案
apache.key 私鑰檔案
apache.crt 證書檔案
ca.crt 根證書
在apache2中的虛擬主機進行如下配置(以下搭配了virtualdocumentroot 進行通用證書適配)
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAlias *.ie
VirtualDocumentRoot "/var/www/html/%1"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile/data/__APACHE_SSL/apache.crt
SSLCertificateKeyFile /data/__APACHE_SSL/apache.key
SSLCertificateChainFile /data/__APACHE_SSL/ca.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory / >
SSLOptions +StdEnvVars
Options FollowSymLinks IncludesNOEXEC
DirectoryIndex index.html index.htm default.htm index.php default.php index.cgi default.cgi index.shtml index.aspx default.aspx
AllowOverride All
Require all granted
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
apache2開啟ssl模組
a2enmod ssl
如果未啟用剛才的站點 則使用下命令啟用站點
a2ensite 虛擬主機配置檔名
重啟
service apache2 reload
openssl genrsa -des3 -out apache.key 1024
防止APACHE啟動 讀取私鑰檔案也需要輸入密碼 去除密碼輸入
openssl rsa -in apache.key -out apache.key
用私鑰 生成證書
openssl req -new -key apache.key -out apache.csr
建立根證書
openssl req -new -x509 -keyout ca.key -out ca.crt
使用根證書對生成的證書進行簽名
防止報錯 先建立一些目錄和檔案
mkdir -p demoCA/newCerts
touch demoCA/index.txt
echo "01">demoCA/serial
簽名
openssl ca -in apache.csr -out apache.crt -cert ca.crt -keyfile ca.key
自此 生成了證書所需的檔案
apache.key 私鑰檔案
apache.crt 證書檔案
ca.crt 根證書
在apache2中的虛擬主機進行如下配置(以下搭配了virtualdocumentroot 進行通用證書適配)
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAlias *.ie
VirtualDocumentRoot "/var/www/html/%1"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile/data/__APACHE_SSL/apache.crt
SSLCertificateKeyFile /data/__APACHE_SSL/apache.key
SSLCertificateChainFile /data/__APACHE_SSL/ca.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory / >
SSLOptions +StdEnvVars
Options FollowSymLinks IncludesNOEXEC
DirectoryIndex index.html index.htm default.htm index.php default.php index.cgi default.cgi index.shtml index.aspx default.aspx
AllowOverride All
Require all granted
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
apache2開啟ssl模組
a2enmod ssl
如果未啟用剛才的站點 則使用下命令啟用站點
a2ensite 虛擬主機配置檔名
重啟
service apache2 reload