1、首先要確認安裝了 mod_ssl模塊
我的機器是centos是系統,執行下面命令
yum install -y mod_ssl
2、用openssl工具生成密鑰,證書請求文件,證書
在/usr/local/httpd目下,執行以下命令。
2.1生成密鑰
openssl genrsa 1024 > server.key
說明:這是用128位rsa算法生成密鑰,得到server.key文件
2.2生成證書請求文件
openssl req -new -out server.csr
說明:這是用步驟1的密鑰生成證書請求文件server.csr, 這一步提很多問題,一一輸入
2.3生成證書
命令:openssl req -x509 -days 365 -key server.key -in server.csr > server.crt
說明:這是用步驟1,2的的密鑰和證書請求生成證書server.crt,-days參數指明證書有效期,單位為天
3、 配置apache
修改httpd.conf
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
# General setup for the virtual host
DocumentRoot "/usr/local/httpd/htdocs/ssl"
ServerName ssl.baishiz.com:443
ServerAdmin [email protected]
ErrorLog "/usr/local/httpd/logs/error_log"
TransferLog "/usr/local/httpd/logs/access_log"
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "/usr/local/httpd/server.crt"
SSLCertificateKeyFile "/usr/local/httpd/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/usr/local/httpd/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
