最新更新 热门文章
当前位置:首页>免费文档>文库资料>综合文库>ssl - apache - linux安全访问设置

ssl - apache - linux安全访问设置

更新时间:2024-06-01 18:16:01 阅读量: 综合文库 文档下载

说明:文章内容仅供预览,部分内容可能不全。下载后的文档,内容与下面显示的完全一致。下载之前请确认下面内容是否您想要的,是否完整无缺。

Apache SSL 配置

文档内所有命令依据系统环境为:

JAVA: jdk1.6.0_30 System: CentOS release 5.7 Apache:httpd-2.2.3 Openssl:openssl-0.9.8e

1. 安装Apache与 OpenSSL: 略。其中Apache需使用带有MOD_SSL模块的版本 2. KEY生成: 进入/usr/local/httpd/conf/sign目录下执行按顺序执行以下命令: 1>openssl genrsa -des3 1024 > /usr/local/httpd/conf/server.key←建立服务器密钥 Generating RSA private key, 1024 bit long modulus ................++++++ ...........................................................................++++++ e is 65537 (0x10001) Enter pass phrase: ←在这里输入口令 Verifying - Enter pass phrase: ←确认口令,再次输入 2>openssl rsa -in /usr/local/httpd/conf/server.key > /usr/local/httpd/conf/server2.key←从密钥中删除密码(以避免系统启动后被询问口令) Enter pass phrase for ssl.key/server.key: ←输入口令 writing RSA key 3>mv /usr/local/httpd/conf/server2.key/usr/local/httpd/conf/server.key 4>openssl req -new -key /usr/local/httpd/conf/server.key -out /usr/local/httpd/conf/server.csr←建立服务器密钥请求文件 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:CN ←输入国名 State or Province Name (full name) [Berkshire]:GD ←输入省名 Locality Name (eg, city) [Newbury]:Foshan ←输入城市名 Organization Name (eg, company) [My Company Ltd]:cdcgs ←输入组织名(任意) Organizational Unit Name (eg, section) []: ←不输入,直接回车 Common Name (eg, your name or your server's hostname) []:www.cdcsaas.com ←输入通称(任意) Email Address []:yourname@yourserver.com ←输入电子邮箱地址 Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: ←不输入,直接回车 An optional company name []: ←不输入,直接回车 5>openssl x509 -in /usr/local/httpd/conf/server.csr -out /usr/local/httpd/conf/server.crt -req -signkey /usr/local/httpd/conf/server.key -days 365←建立服务器证书 Signature ok subject=/C=CN/ST=GD/L=Foshan/O=cdcgs/CN=www.cdcsaas.com/\\ emailAddress=yourname@yourserver.com Getting Private key 3. Apache添加SSL支持: 1>关闭Apache: ./ usr/local/httpd/bin/httpd –k stop 2>增加支持SSL,执行 vi /usr/local/httpd/conf/httpd.conf: #Include conf/extra/httpd-ssl.conf←找到这一行,将行首的“#”去掉 ↓ Include conf/extra/httpd-ssl.conf 3>启动重定向(可选),使用用户HTTP访问自动重定向为HTTPS,在httpd.conf文件尾加入如下内容: RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R] 4>设置加密文件,在文件/usr/local/httpd/conf/extra/httpd-ssl.cnf中,将以下几行的注释去掉,并修改相应路径如下: SSLCertificateFile \SSLCertificateKeyFile \DocumentRoot \4.启动apache: ./usr/local/httpd/bin/httpd –k start 6.测试HTTPS: 打开浏览器,在地址栏输入“http://你的域名”或者“https://你的域名”后,如果浏览器自动跳转成htts://?,并且能继续访问成功,则表示服务器已经可以支持SSL.

本文来源:https://www.bwwdw.com/article/6mn6.html

相关文章:

正在阅读:

ssl - apache - linux安全访问设置06-01

亚信科技笔试题04-17

2018-2024年中国复合肥行业市场现状分析及投资研究报告(目录) - 图文01-15

雪地里的小画家课件01-02

单片机流水灯Protues仿真08-16

危险化学品从业单位安全生产标准化评审表(评分版) - 图文10-01

拖拉机甩油盘设计说明书(全套CAD图纸见最后)12-14

石鼓文注释分析考证06-22

合肥教育信息网:合肥十中招聘16人12-17

将阅读进行到底07-12

相关文章
最新文章
推荐文章

Copyright©博文网bwwdw.com 版权所有

最新更新 | 热点专题 | 网站地图 | TAG专题 | XML地图 | 范文搜索

Top