CentOS-Apache-SSL架設
設定檔位置[*]/etc/httpd/conf/httpd.conf
[*]/etc/httpd/conf.d/ssl.conf
產生key檔
[*]# openssl genrsa -out www.key 1024
[*]Generating RSA private key, 1024 bit long modulus
[*].................................++++++
[*].........++++++
[*]e is 65537 (0x10001)
利用key建立憑證csr檔
[*]# openssl req -new -key www.key -out www.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :TW
State or Province Name (full name) :Taipei
Locality Name (eg, city) :Taipei
Organization Name (eg, company) :www
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:www.ne226.kirnel.com
Email Address []:webmaster@ne226.kirnel.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
利用key,csr建立crt檔
[*]# openssl x509 -req -days 365 -in www.csr -signkey www.key -out www.crt
Signature ok
subject=/C=TW/ST=Taipei/L=Taipei/O=www/CN=www.ne226.kirnel.com/emailAddress=webmaster@ne226.kirnel.com
Getting Private key
搬到適當地點
[*]# cp www.crt /etc/pki/tls/certs/
[*]# cp www.key /etc/pki/tls/private/
[*]# cp www.csr /etc/pki/tls/private/
修改檔案/etc/httpd/conf.d/ssl.conf
[*]# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.Note that a kill -HUP will prompt again.A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/www.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file.Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/www.key
重啟
[*]#service httpd restart
頁:
[1]