I. Enable the module (there are two methods)
1. Run the command
a2enmod ssl
This command is equivalent to
sudo ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled
sudo ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled
followed by Include /etc/apache2/mods-enabled/*.load
2. Or add the module load directive directly to apache2.conf
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
II. Install openssl
Then run this command to generate the certificate
openssl req -x509 -newkey rsa:1024 -keyout apache.pem -out apache.pem -nodes -days 999
Here 999 is the certificate's validity period (the value passed to -days)
Answer a few questions, for example:
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:gd
Locality Name (eg, city) []:gz
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XXX
Organizational Unit Name (eg, section) []:YYY
Common Name (eg, YOUR name) []:server2 (this is the hostname the certificate is issued for)
Email Address []:111@gmail.com
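After it runs, an apache.pem file is generated under /etc/apache2 (the command writes to the current directory)
For easier management, create an ssl directory under /etc/apache2 and put apache.pem in it
III. Add the listening port
Add Listen 443 to apache2.conf, or Include /etc/apache2/ports.conf
IV. Configure the site file
Change the default port to 443
Add the following under <VirtualHost>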
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
Example:
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
ServerAdmin webmaster@localhost
DocumentRoot /var/www
ServerName 192.168.60.131
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
#RedirectMatch ^/$ /apache2-default/
</Directory>
</VirtualHost>
Restart the apache service
Test https://localhost/: IE pops up a security alert, and Firefox asks whether to add an exception
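The apache.pem built in step II keeps an unencrypted private key (-nodes) in the same file as the certificate, and the key is 1024-bit RSA. The script below is an added example, not part of the original page, that audits such a file for key size, permissions and expiry; the 2048-bit minimum and all function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a combined key+certificate PEM such as apache.pem.
# MIN_BITS is an assumed policy value, not something stated on the page.
MIN_BITS=2048

# Print the public key size of the certificate inside FILE, e.g. 1024.
pem_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed only when BITS is present and meets the assumed minimum.
bits_ok() {
    [ -n "$1" ] && [ "$1" -ge "$MIN_BITS" ]
}

# Succeed when FILE holds a private key that is not passphrase-protected,
# which is what the -nodes option produces.
has_plain_key() {
    grep -q -e '-----BEGIN PRIVATE KEY-----' \
            -e '-----BEGIN RSA PRIVATE KEY-----' "$1" &&
        ! grep -q -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeed when neither group nor others have any permission bit on FILE.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one line per finding; the exit status is the number of findings.
audit_pem() {
    f=$1; n=0
    bits=$(pem_key_bits "$f")
    if ! bits_ok "$bits"; then
        echo "WEAK-KEY: ${bits:-unknown}-bit key, want >= $MIN_BITS"; n=$((n+1))
    fi
    if has_plain_key "$f" && ! owner_only "$f"; then
        echo "PERMS: unencrypted private key readable beyond its owner"; n=$((n+1))
    fi
    if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: certificate is missing or past notAfter"; n=$((n+1))
    fi
    return "$n"
}

# Usage: sh audit_pem.sh /etc/apache2/ssl/apache.pem
[ $# -eq 0 ] || audit_pem "$1"
```

A file produced exactly as in step II reports WEAK-KEY, and PERMS as well if it was copied with group or world read access.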
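Generate a certificate signing request (CSR)
Change into the OpenSSL installation directory and run the following command to generate the private key:
openssl genrsa -des3 -out server.key 1024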
Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
..........++++++
........++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
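If the -des3 option is used, you are asked for a passphrase that encrypts the private key; if you do not need the private key encrypted, do not use the -des3 option.
After the passphrase is entered twice, the private key file server.key is generated
Run the following command to generate the certificate signing request (CSR)
openssl req -new -key server.key -out server.csr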