[Tutorial] CentOS 6.5: How to set up multiple SSL-certificate websites on Apache with a single IP

Posted 2014-11-28 14:01:28
Make sure the mod_ssl security module is installed and enabled so the Apache web server can use the OpenSSL library and toolkit:
  yum install mod_ssl openssl


Execute the following commands to create the SSL directory:
  mkdir -p /etc/httpd/ssl/
  mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
  cd /etc/httpd/ssl/


Generate SSL certificate signing request (CSR) files for your domains:
  openssl genrsa -out domain1.key 2048
  openssl req -new -key domain1.key -out domain1.csr

  openssl genrsa -out domain2.key 2048
  openssl req -new -key domain2.key -out domain2.csr


and enter the following details for your certificates:
  • Country Name: Taiwan
  • State or Province Name: Taipei
  • Locality Name
  • Organization Name
  • Organizational Unit Name
  • Email Address
When prompted for the Common Name (i.e. domain name), enter the FQDN (fully qualified domain name) for the website you are securing.
It is recommended to install commercial SSL certificates when used in a production environment. Or, generate and use self-signed SSL certificates when you are just developing or testing a website or application using the following commands:
  openssl x509 -req -days 365 -in domain1.csr -signkey domain1.key -out domain1.crt

  openssl x509 -req -days 365 -in domain2.csr -signkey domain2.key -out domain2.crt

Edit the ‘ssl.conf’ Apache configuration file:
  vi /etc/httpd/conf.d/ssl.conf

and add the following lines:
  LoadModule ssl_module modules/mod_ssl.so

  Listen 443

  # Name-based virtual hosts on port 443; the client selects one via SNI
  NameVirtualHost *:443

  SSLPassPhraseDialog  builtin
  SSLSessionCacheTimeout  300
  SSLMutex default
  SSLRandomSeed startup file:/dev/urandom  256
  SSLRandomSeed connect builtin
  SSLCryptoDevice builtin
  SSLStrictSNIVHostCheck off

  # Virtual host for domain1.com with its own certificate and key
  <VirtualHost *:443>
  DocumentRoot /var/www/html/domain1
  ServerName domain1.com
  ServerAlias www.domain1.com
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/httpd/ssl/domain1.crt
  SSLCertificateKeyFile /etc/httpd/ssl/domain1.key
  #SSLCertificateChainFile /etc/httpd/ssl/ca.crt
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </Files>
  SetEnvIf User-Agent ".*MSIE.*" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
  CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  </VirtualHost>

  # Virtual host for domain2.com with its own certificate and key
  <VirtualHost *:443>
  DocumentRoot /var/www/html/domain2
  ServerName domain2.com
  ServerAlias www.domain2.com
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/httpd/ssl/domain2.crt
  SSLCertificateKeyFile /etc/httpd/ssl/domain2.key
  #SSLCertificateChainFile /etc/httpd/ssl/ca.crt
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn
  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
  </Files>
  SetEnvIf User-Agent ".*MSIE.*" \
           nokeepalive ssl-unclean-shutdown \
           downgrade-1.0 force-response-1.0
  CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  </VirtualHost>

When using a commercial SSL certificate, it is likely the signing authority will include an intermediate CA certificate. In that case, create a new ‘/etc/httpd/ssl/ca.crt’ file and paste the contents of the Intermediate CA into it, then edit the ‘ssl.conf’ configuration file and uncomment the following line:
  SSLCertificateChainFile /etc/httpd/ssl/ca.crt

so the Apache web server can find your CA certificate.
Test the Apache configuration syntax:
  /etc/init.d/httpd configtest

  Syntax OK

Restart the Apache service for the changes to take effect:
  service httpd restart


Open https://domain1.com and https://domain2.com in your favorite web browser and verify that SSL certificates are installed correctly.

Reference: https://www.rosehosting.com/blog ... ing-one-ip-address/
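An added example, not part of the original post: a static check of the ssl.conf layout above that lists, for each <VirtualHost>, the certificate it serves, which host is the fallback for clients that do not send SNI (the first one, with SSLStrictSNIVHostCheck off), and whether SSLProtocol and SSLCipherSuite still admit SSLv3 or RC4, LOW or EXPORT ciphers. The function names audit_ssl_conf and sample_conf and the tightened settings of the second sample host are assumptions for illustration, and the cipher check is a text heuristic.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): static audit of an ssl.conf.
# Prints "ServerName certificate findings" for each <VirtualHost> block.
audit_ssl_conf() {
  awk '
    function flag(f) { out = (out == "" ? f : out "," f) }
    # Heuristic: a class is reachable if ALL or the class is listed and no
    # "!CLASS" entry removes it; a "+CLASS" entry only reorders ciphers.
    function reachable(c) {
      return (ciph ~ /:ALL:/ || ciph ~ ("[:+]" c "[:+]")) && ciph !~ (":!" c ":")
    }
    { $1 = $1; d = tolower($1) }   # normalise whitespace, lowercase directive
    d ~ /^<virtualhost/ { vh = 1; n++; name = cert = "?"; proto = ciph = ""; next }
    vh && d == "servername"         { name = $2 }
    vh && d == "sslcertificatefile" { cert = $2 }
    vh && d == "sslprotocol"        { proto = " " tolower($0) " " }
    vh && d == "sslciphersuite"     { ciph = ":" toupper($2) ":" }
    vh && d ~ /^<\/virtualhost/ {
      out = ""
      # With SSLStrictSNIVHostCheck off, clients without SNI get the first vhost.
      if (n == 1) flag("default-for-non-SNI-clients")
      if (proto ~ /[ +](all|sslv3) / && proto !~ / -sslv3 /) flag("SSLv3-enabled")
      k = split("RC4 LOW EXPORT", classes, " ")
      for (i = 1; i <= k; i++) if (reachable(classes[i])) flag("cipher:" classes[i])
      print name, cert, (out == "" ? "ok" : out)
      vh = 0
    }
  ' "$@"
}

# Constructed sample: host 1 uses the settings from the post, host 2 assumed tighter ones.
sample_conf() {
  cat <<'EOF'
<VirtualHost *:443>
  ServerName domain1.com
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/httpd/ssl/domain1.crt
</VirtualHost>
<VirtualHost *:443>
  ServerName domain2.com
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
  SSLCertificateFile /etc/httpd/ssl/domain2.crt
</VirtualHost>
EOF
}
sample_conf | audit_ssl_conf
```

On the server, run it as `audit_ssl_conf /etc/httpd/conf.d/ssl.conf`; `openssl ciphers -v '<cipher string>'` shows the exact ciphers a string expands to with the installed OpenSSL.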


 

Posted 2015-5-17 16:54:39

Just passing by, taking a look.

Posted 2016-3-14 04:54:18
Supporting this too; I'll bump it on everyone's behalf.

