CentOS6.5 如何在單IP Apache上建置多個SSL憑證網站

woff

Make sure the mod_ssl security module is installed and enabled so the Apache web server can use the
OpenSSL library and toolkit:確認安裝 mod_ssl模組 到Apache

1. yum install mod_ssl openssl

複製代碼

Execute the following commands:
執行以下指令建立ssl目錄

1. mkdir -p /etc/httpd/ssl/
   
2. mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
   
3. cd /etc/httpd/ssl/

複製代碼

Generate SSL certificate signing request (CSR) files for your domains:
產生該網域SSL簽名憑證CSR

1. openssl genrsa -out domain1.key 2048
   
2. openssl req -new -key domain1.key -out domain1.csr
   
3. 
   
4. openssl genrsa -out domain2.key 2048
   
5. openssl req -new -key domain2.key -out domain2.csr

複製代碼

and enter the following details for your certificates:

• Country Name
• State or Province Name
• Locality Name
• Organization Name
• Organizational Unit Name
• Email Address
  

和進入憑證步驟

1.國家名 Taiwan

2.州名     Taipei

3.區域

4.組織名稱

5.組織單位名稱

6.EMAIL位址

When prompted for the Common Name (i.e. domain name), enter the FQDN (fully qualified domain name) for the website you are securing.

It is recommended to install commercial SSL certificates when used in a production environment. Or, generate and use self-signed SSL certificates when you are just developing or testing a website or application using the following commands:

當輸入網址時(需輸入網址全名)

1. openssl x509 -req -days 365 -in domain1.csr -signkey domain1.key -out domain1.crt
   
2. 
   
3. openssl x509 -req -days 365 -in domain2.csr -signkey domain2.key -out domain2.crt

複製代碼

Edit the ‘ssl.conf’ Apache configuration file:

編輯 Apache ssl.conf檔案

1. vi /etc/httpd/conf.d/ssl.conf

複製代碼

and add the following lines:

和加入以下敘述

1. LoadModule ssl_module modules/mod_ssl.so
   
2. 
   
3. Listen 443
   
4. 
   
5. NameVirtualHost *:443
   
6. 
   
7. SSLPassPhraseDialog  builtin
   
8. SSLSessionCacheTimeout  300
   
9. SSLMutex default
   
10. SSLRandomSeed startup file:/dev/urandom  256
    
11. SSLRandomSeed connect builtin
    
12. SSLCryptoDevice builtin
    
13. SSLStrictSNIVHostCheck off
    
14. 
    
15. <VirtualHost *:443>
    
16. DocumentRoot /var/www/html/domain1
    
17. ServerName domain1.com
    
18. ServerAlias www.domain1.com
    
19. SSLEngine on
    
20. SSLProtocol all -SSLv2
    
21. SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    
22. SSLCertificateFile /etc/httpd/ssl/domain1.crt
    
23. SSLCertificateKeyFile /etc/httpd/ssl/domain1.key
    
24. #SSLCertificateChainFile /etc/httpd/ssl/ca.crt
    
25. ErrorLog logs/ssl_error_log
    
26. TransferLog logs/ssl_access_log
    
27. LogLevel warn
    
28. <Files ~ "\.(cgi|shtml|phtml|php3?)[        DISCUZ_CODE_73        ]quot;>
    
29.     SSLOptions +StdEnvVars
    
30. </Files>
    
31. SetEnvIf User-Agent ".*MSIE.*" \
    
32.          nokeepalive ssl-unclean-shutdown \
    
33.          downgrade-1.0 force-response-1.0
    
34. CustomLog logs/ssl_request_log \
    
35.           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"
    
36. </VirtualHost>
    
37. 
    
38. <VirtualHost *:443>
    
39. DocumentRoot /var/www/html/domain2
    
40. ServerName domain2.com
    
41. ServerAlias www.domain2.com
    
42. SSLEngine on
    
43. SSLProtocol all -SSLv2
    
44. SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    
45. SSLCertificateFile /etc/httpd/ssl/domain2.crt
    
46. SSLCertificateKeyFile /etc/httpd/ssl/domain2.key
    
47. #SSLCertificateChainFile /etc/httpd/ssl/ca.crt
    
48. ErrorLog logs/ssl_error_log
    
49. TransferLog logs/ssl_access_log
    
50. LogLevel warn
    
51. <Files ~ "\.(cgi|shtml|phtml|php3?)[        DISCUZ_CODE_73        ]quot;>
    
52.     SSLOptions +StdEnvVars
    
53. </Files>
    
54. SetEnvIf User-Agent ".*MSIE.*" \
    
55.          nokeepalive ssl-unclean-shutdown \
    
56.          downgrade-1.0 force-response-1.0
    
57. CustomLog logs/ssl_request_log \
    
58.           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"
    
59. </VirtualHost>

複製代碼

When using a commercial SSL certificate, it is likely the signing authority will include an intermediate CA certificate. In that case, create a new ‘/etc/httpd/ssl/ca.crt’ file and paste the contents of the Intermediate CA into it, then edit the the ‘ssl.conf’ configuration file and uncomment the following line:

當使用SSL公開憑證時，他就像是作者簽名，在這個案例，產生一個憑證檔案，編輯‘/etc/httpd/ssl/ca.crt’並把CA內文貼入

1. SSLCertificateChainFile /etc/httpd/ssl/ca.crt

複製代碼

so the Apache web server can find your CA certificate.

Test the Apache configuration:

測試一下APACHE 設定檔語法是否正確

1. /etc/init.d/httpd configtest
   
2. 
   
3. Syntax OK

複製代碼

Restart the Apache service for the changes to take effect:

重啟APACHE

1. service httpd restart

複製代碼

Open https://domain1.com and https://domain2.com in your favorite web browser and verify that SSL certificates are installed correctly.

打開網址試試看 https://domain1.com

Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to set up multiple SSL Certificates on your VPS for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

參考網址：https://www.rosehosting.com/blog ... ing-one-ip-address/

或斑驳驳

   路过 看看。

仅念后知

也是支持，我代表大家顶你了