查看: 878|回復: 0

[教學] CentOS-Apache-SSL架設

發表於 2013-1-29 00:35:51 | 顯示全部樓層 |閱讀模式
Push to Facebook Push to Plurk Push to Twitter 
  • /etc/httpd/conf/httpd.conf
  • /etc/httpd/conf.d/ssl.conf
  • [root@localhost ~]# openssl genrsa -out www.key 1024
    • Generating RSA private key, 1024 bit long modulus
    • .................................++++++
    • .........++++++
    • e is 65537 (0x10001)
  • [root@localhost ~]# openssl req -new -key www.key -out www.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [GB]:TW
    State or Province Name (full name) [Berkshire]:Taipei
    Locality Name (eg, city) [Newbury]:Taipei
    Organization Name (eg, company) [My Company Ltd]:www
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:www.ne226.kirnel.com
    Email Address []:webmaster@ne226.kirnel.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
  • [root@localhost ~]# openssl x509 -req -days 365 -in www.csr -signkey www.key -out www.crt
    Signature ok
    Getting Private key
  • [root@localhost ~]# cp www.crt /etc/pki/tls/certs/
  • [root@localhost ~]# cp www.key /etc/pki/tls/private/
  • [root@localhost ~]# cp www.csr /etc/pki/tls/private/
  • #   Server Certificate:
    # Point SSLCertificateFile at a PEM encoded certificate.  If
    # the certificate is encrypted, then you will be prompted for a
    # pass phrase.  Note that a kill -HUP will prompt again.  A new
    # certificate can be generated using the genkey(1) command.
    SSLCertificateFile /etc/pki/tls/certs/www.crt

    #   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile /etc/pki/tls/private/www.key

  • #service httpd restart


您需要登錄後才可以回帖 登錄 | 註冊 |



GMT+8, 2016-10-28 08:46 , Processed in 0.054127 second(s), 22 queries .

本論壇言論純屬發表者個人意見,與 TShopping綜合論壇 立場無關 如有意見侵犯了您的權益 請寫信聯絡我們。

Powered by Discuz! X3.2

© 2001-2013 Comsenz Inc.

快速回復 返回頂部 返回列表