[Tutorial] CentOS-Apache-SSL Setup

Posted on 2013-1-29 00:35:51
 
Configuration file locations
  • /etc/httpd/conf/httpd.conf
  • /etc/httpd/conf.d/ssl.conf
Generate the key file
  • [root@localhost ~]# openssl genrsa -out www.key 1024
    • Generating RSA private key, 1024 bit long modulus
    • .................................++++++
    • .........++++++
    • e is 65537 (0x10001)
Create the certificate CSR file from the key
  • [root@localhost ~]# openssl req -new -key www.key -out www.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [GB]:TW
    State or Province Name (full name) [Berkshire]:Taipei
    Locality Name (eg, city) [Newbury]:Taipei
    Organization Name (eg, company) [My Company Ltd]:www
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:www.ne226.kirnel.com
    Email Address []:webmaster@ne226.kirnel.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
Create the crt file from the key and CSR
  • [root@localhost ~]# openssl x509 -req -days 365 -in www.csr -signkey www.key -out www.crt
    Signature ok
    subject=/C=TW/ST=Taipei/L=Taipei/O=www/CN=www.ne226.kirnel.com/emailAddress=webmaster@ne226.kirnel.com
    Getting Private key
Move the files to the appropriate locations
  • [root@localhost ~]# cp www.crt /etc/pki/tls/certs/
  • [root@localhost ~]# cp www.key /etc/pki/tls/private/
  • [root@localhost ~]# cp www.csr /etc/pki/tls/private/
Edit the file /etc/httpd/conf.d/ssl.conf
  • #   Server Certificate:
    # Point SSLCertificateFile at a PEM encoded certificate.  If
    # the certificate is encrypted, then you will be prompted for a
    # pass phrase.  Note that a kill -HUP will prompt again.  A new
    # certificate can be generated using the genkey(1) command.
    SSLCertificateFile /etc/pki/tls/certs/www.crt

    #   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile /etc/pki/tls/private/www.key
Restart

  • # service httpd restart
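
An added check, not part of the original post, for the files the steps above produce: it flags a private key that group or others can access, an RSA key below an assumed 2048-bit minimum (the key generated in this post is 1024-bit), and a certificate that does not belong to the key. The function name `check_tls_pair` and the `MIN_BITS` threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a key/certificate pair such as www.key and www.crt.
# MIN_BITS is an assumed policy threshold, not a value from the post.
MIN_BITS=2048

# Prints one line per finding; the exit status is the number of findings.
check_tls_pair() {
    key=$1 crt=$2 findings=0

    # 1. The private key must not be accessible to group or others.
    #    cp carries the source mode over, so a key written as 0644 stays 0644.
    mode=$(stat -c '%a' "$key") || return 99
    case $mode in
        *00) ;;
        *) echo "MODE: $key is $mode, expected 600 or 400"
           findings=$((findings + 1)) ;;
    esac

    # 2. RSA modulus size, read from the "(N bit" line of openssl's text dump.
    #    "-passin pass:" stops openssl from prompting on an encrypted key.
    bits=$(openssl rsa -in "$key" -passin pass: -noout -text 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -z "$bits" ]; then
        echo "KEY: cannot read $key as an unencrypted RSA key"
        findings=$((findings + 1))
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo "SIZE: $key is $bits bits, below $MIN_BITS"
        findings=$((findings + 1))
    fi

    # 3. The certificate must carry the public half of this key; httpd
    #    will not start if ssl.conf points at a mismatched pair.
    kmod=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null)
    cmod=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)
    if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "MATCH: $crt was not issued for $key"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Stand-alone use: sh check.sh /etc/pki/tls/private/www.key /etc/pki/tls/certs/www.crt
if [ "$#" -eq 2 ]; then check_tls_pair "$1" "$2"; fi
```

A finding on the MODE line is cleared with `chmod 600` on the key; a SIZE finding requires regenerating the key, CSR and certificate with a larger modulus.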


 
