zoukankan      html  css  js  c++  java
  • apache 配置https

    1、生成密钥
    openssl genrsa 1024 > server.key
    这是用128位rsa算法生成密钥,并保存到server.key文件

    2、生成证书请求文件
    openssl req -new -key server.key > server.csr

    Country Name (2 letter code) [GB]:CN
    State or Province Name (full name) [Berkshire]:Zhejiang
    Locality Name (eg, city) [Newbury]:Hangzhou
    Organization Name (eg, company) [My Company Ltd]:My Application
    Organizational Unit Name (eg, section) []:My Application
    Common Name (eg, your name or your server's hostname) []:www.www.com
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:My Application

    3、生成证书
    openssl req -x509 -days 730 -key server.key -in server.csr > server.crt
    参数-days表示证书有效期

    至此证书完毕,开始配置httpd,因为已经在运行httpd

    httpd重新编译追加ssl:
    1、重新编译
    make clean
    make clean all
    ./configure --prefix=/usr/local/apache2 --enable-so --enable-mods-shared=most --enable-ssl &&
    make &&
    make install
    2、编辑httpd.conf文件,添加
    LoadModule ssl_module modules/mod_ssl.so
    3、加载ssl配置
    Include conf/httpd-ssl.conf
    4、注意修改证书配置
    SSLCertificateFile /apache/conf/server.crt
    SSLCertificateKeyFile /apache/conf/server.key
    5、因为自定义了DocumentRoot,所以也要修改httpd-ssl.conf的DocumentRoot

    起来后发现日志里总是有以下错误:

    [notice] caught SIGTERM, shutting down
    [Wed Mar 26 21:53:02 2014] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Wed Mar 26 21:53:02 2014] [warn] RSA server certificate CommonName (CN) `serv' does NOT match server name!?

  • 相关阅读:
    搭建mongoDB 配置副本集 replSet
    关于erlang解析json数据
    互联网精准广告定向技术
    cmd 查看端口占用情况
    nutzboot dubbo zookeeper简单使用
    一些常用名词
    小程序video置顶
    html 5 video audio
    android webview 视频相关
    微信小程序
  • 原文地址:https://www.cnblogs.com/ShepherdIsland/p/3627098.html
Copyright © 2011-2022 走看看