首先安裝SSL，再編譯安裝APACHE，再配置證書即可

1.下載apache和openssl
網址：http://www.apache.org
      http://www.openssl.org
2.解壓
#tar zxvf httpd-2.0.54.tar.gz
#tar zxvf openssl-0.9.7g.tar.gz
3.編譯安裝openssl,這個軟體主要是用來生成證書：
#cd openssl-0.9.7g
#./config
#make
#make test
#make install
把openssl放進核心目錄下，使其在任何目錄下都能執行。
#cd /usr/local/bin
#ln -s /usr/local/ssl/bin/openssl openssl
4.編譯安裝apache
#cd /opt/httpd-2.0.54
#./configure --prefix="/opt/apache2" --enable-so --enable-ssl --with-ssl="/usr/local/ssl/bin"
#make
#make install
5.安裝完畢，生成證書：
在/opt/apache2/conf下建立一個ssl.key目錄
#cd ../apache2/
#cd conf/
#mkdir ssl.key
然後在該目錄下生成證書：
#cd ssl.key/
生成伺服器私鑰：
#openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
生成伺服器證書請求，並按要求填些相關證書資訊：
#openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:

[email protected]
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
簽證：
# openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.cert
Signature ok
subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/[email protected]
Getting Private key
Enter pass phrase for server.key:
為了安全，然後我們把這些檔案的許可權都設為400
chmod 400 server.key
chmod 400 server.cert

最後對/opt/apache2/conf/ssl.conf 進行修改：

vi /opt/apache2/conf/ssl.conf
修改的地方如下幾處：
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt  #108行
SSLCertificateFile /opt/apache2/conf/ssl.key/server.cert
#SSLCertificateFile /opt/apache2/conf/ssl.crt/server-dsa.crt

SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key   #116行
#SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server-dsa.key

這樣我們就基本配好了ssl現在我們來讓apache啟動ssl

/opt/apache2/bin/apachectl startssl

然後要求輸入證書密碼，正確輸入後ssl就連同apache一起啟動

 
在瀏覽器中輸入：https://210.75.18.36

要求下載證書，OK~好了~結束~就是這麼簡單。

參考：http://www.szlangxing.com/Article/gyw/200504/524.html
         http://www.chinaunix.net/jh/13/469276.html
 
 

Keytool應用例項:

1.產生一個keystore:

keytool -genkey -alias myssl -keyalg RSA -keystore myssl.jks

執行這個命令,系統提示:

Enter keystore password:(輸入keystore密碼:)
yourpassword(輸入密碼)

What is your first and last name?(您的名字與姓氏是什麼？)
[Unknown]: www.myssl.cn(輸入申請的證書的域名)

What is the name of your organizational unit? (您的組織單位名稱是什麼？)
[Unknown]:Fastcom(輸入你所在組織單位的名字)

What is the name of your organization? (您的組織名稱是什麼？)
[Unknown]:Fastcom (輸入你所在組織的名字)

What is the name of your City or Locality?(您所在的城市或區域名稱是什麼？)
[Unknown]:Shanghai(輸入所在城市的名字)

What is the name of your State or Province? (您所在的州或省份名稱是什麼？)
[Unknown]:Shanghai(輸入所在省份名字)

What is the two-letter country code for this unit?(該單位的兩字母國家程式碼是什麼？)
[Unknown]:CN(輸入國家名字,如果是中國，請輸入CN)

Is CN=www.myssl.cn, OU=fastcom, O=fastcom, L=Shanghai, ST=Shanghai, C=CN correct? [no]:
yes