zoukankan      html  css  js  c++  java
  • ubuntu apache2 https

    1. enable the module ssl by:

    sudo a2enmod ssl

    2.after you have enabled module ssl , you will have to restart the web server for the change to be recognized:

    sudo service apache2 restart

    now ,the web server is able to handle ssl

    3. create a directory to place the certificate files that will be maked:

    sudo mkdir /etc/apache2/ssl

    4.create our key and certificate 

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

    let's go over what this means :

    • openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
    • req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
    • -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
    • -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
    • -days 365: This specifies that the certificate we are creating will be valid for one year.
    • -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
    • -keyout: This parameter names the output file for the private key file that is being created.
    • -out: This option names the output file for the certificate that we are generating.

      when you hit "ENTER" , you will be asked some questions , answer it ....

      then, the key and certificate will be created and placed in the /etc/apache2/ssl directory

      now ! ! ! ! ! ! ! ! ! !  ! we will configure apache to use ssl

      open the file with your editor

      

    sudo vi /etc/apache2/site-available/default-ssl.conf

    what we should modify is the content with red

    <IfModule mod_ssl.c>
        <VirtualHost _default_:443>
            ServerAdmin admin@example.com
            ServerName your_domain.com
            ServerAlias www.your_domain.com
            DocumentRoot /var/www/html
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            SSLEngine on
            SSLCertificateFile /etc/apache2/ssl/apache.crt
            SSLCertificateKeyFile /etc/apache2/ssl/apache.key
            <FilesMatch ".(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>
            BrowserMatch "MSIE [2-6]" 
                            nokeepalive ssl-unclean-shutdown 
                            downgrade-1.0 force-response-1.0
            BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
        </VirtualHost>
    </IfModule>

    save and exit the file when you finished

    then we enable it by:

    sudo a2ensite default-ssl.conf

    restart our web server

    sudo service apache2 restart

    now you can test it in your explorer 

    https://server_domain_name_or_IP:443

  • 相关阅读:
    ABS
    Windows Internals 6th Security
    Windows Internals 6th chap4 services
    Windows Internals 6th chap5 Thread
    Python 腾讯云短信,发送手机验证码
    Python 阿里大于发送手机验证码
    爬虫新手学习2-爬虫进阶(urllib和urllib2 的区别、url转码、爬虫GET提交实例、批量爬取贴吧数据、fidder软件安装、有道翻译POST实例、豆瓣ajax数据获取)
    爬虫新手学习1-爬虫基础
    Python Django CMDB项目实战之-3创建form表单,并在前端页面上展示
    Python Django CMDB项目实战之-2创建APP、建模(models.py)、数据库同步、高级URL、前端页面展示数据库中数据
  • 原文地址:https://www.cnblogs.com/lwmp/p/6383181.html
Copyright © 2011-2022 走看看