Apache 搭建HTTPS Virtual Host
1.创建SSL证书
首先需要安装openssl,linux系统默认已安装,如没有则用以下命令安装:
sudo apt-get install openssl sudo apt-get install libssl-dev创建证书:
cd /etc/ssl/private sudo openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout demo.key -out demo.crt参数说明:
-x509 显示证书和签名工具
-days 证书的有效期
-sha1 证书加密算法
-newkey rsa:1024 创建一个新key,1024表示公钥长度为1024bits
命令执行完会创建demo.key与demo.crt
更多参数说明可以参考:http://www.openssl.org/docs/apps/openssl.html
创建步骤:
root@ubuntu:/etc/ssl/private# sudo openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout demo.key -out demo.crt Generating a 1024 bit RSA private key .......++++++ ...........++++++ writing new private key to 'demo.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:GD Locality Name (eg, city) []:GZ Organization Name (eg, company) [Internet Widgits Pty Ltd]:fdipzone.Ltd Organizational Unit Name (eg, section) []:test Common Name (eg, YOUR name) []:demo.fdipzone.com Email Address []:fdipzone@gmail.com root@ubuntu:/etc/ssl/private#需要填写的项目:
Country Name (2 letter code) [AU]:
国家
State or Province Name (full name) [Some-State]:省份
Locality Name (eg, city) []:城市
Organization Name (eg, company) [Internet Widgits Pty Ltd]:公司名称
Organizational Unit Name (eg, section) []: 组织单位名称
Common Name (eg, YOUR name) []: 填写域名
Email Address []:电邮地址
2.创建Virtual Host
<VirtualHost *:443>
DocumentRoot /home/fdipzone/demo
ServerName demo.fdipzone.com
<Directory "/home/fdipzone/demo">
allow from all
AllowOverride all
Options -Indexes FollowSymLinks
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/private/demo.crt
SSLCertificateKeyFile /etc/ssl/private/demo.key
SSLCipherSuite AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
</VirtualHost>
开启SSL Engine及设置使用的证书,端口443
SSLEngine on
SSLCertificateFile /etc/ssl/private/demo.crt
SSLCertificateKeyFile /etc/ssl/private/demo.key
