【每日教程6.12】Centos下apache配置https

最近都流行玩证书了，机友们，你们也是吗？最近我在群里基本上的博客啊，网站都来个SSL证书什么！所以现在我也把配置https的教程发出来，大家看看！

（1）先按装mod_sslyum install mod_ssl完毕后在/etc/httpd/conf.d/下会有一个ssl.conf的文件,打开主要是看下证书及密钥的位置SSLCertificateFile /etc/pki/tls/certs/localhost.crtSSLCertificateKeyFile /etc/pki/tls/private/localhost.key
（2）生成密钥,进入/etc/pki/tls/private，删除原来的localhost.keyrm -f localhost.key生成新的localhost.key:openssl genrsa 1024 > localhost.key返回到certs目录cd ../certs删除原来的证书rm -rf localhost.crt生成新的openssl req -new -x509 -days 365 -key ../private/localhost.key -out localhost.crt填写需要填写的信息，证书就生成了
这里为什么要用localhost.crt这样的名子，是因为在ssl.conf就是这样子指定的，这两个地方要一样。
重启apache，配置结束现在就可以通过https访问网站
可能需要开发端口443号：iptables -I INPUT -p TCP –dport 443 -j ACCEPT
Apache下设置自动将http跳转到https方法启用了https的ssl证书，现在需要将原先的http直接跳转到https上，下面我给出我经常使用的方法，利用伪静态功能
首先在网站根目录下创建.htaccess文件，如果目录下已经有.htaccess文件，则用vi或者其他编辑器打开，在最下面添加写入如下语句即可RewriteEngine onRewriteBase /RewriteCond %{SERVER_PORT} !^443$RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
apache的虚拟主机配置1、在httpd.conf中打开vhosts和ssl的配置文件# vi /usr/local/apache/conf/httpd.conf打开vhosts配置跳转到447行和459行取消掉Include conf/extra/httpd-vhosts.conf和Include conf/extra/httpd-ssl.conf之前的注释2、配置vhosts# vi /usr/local/apache/conf/extra/httpd-vhosts.conf特别需要注意443段的配置，可在httpd-ssl.conf中找到相关说明NameVirtualHost *:80NameVirtualHost *:443DocumentRoot "/data/www/"ServerName 192.168.1.201Order allow,denyAllow from allOptions -Indexes FollowSymLinksAllowOverride AllDocumentRoot "/data/www/"ServerName 192.168.1.201:443SSLEngine onSSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULLSSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"<filesmatch ".(cgi|shtml|phtml|php)$"="">SSLOptions +StdEnvVarsOrder allow,denyAllow from allOptions -Indexes FollowSymLinksAllowOverride AllBrowserMatch ".*MSIE.*"nokeepalive ssl-unclean-shutdowndowngrade-1.0 force-response-1.0
3、修改httpd-ssl.conf的相关配置
# vi /usr/local/apache/conf/extra/httpd-ssl.conf搜索SSLCertificateFile并将：（99行）SSLCertificateFile “/usr/local/apache/conf/server.crt”改为：SSLCertificateFile “/usr/local/apache/conf/ssl.key/server.cert”注：本章生成的非crt，请注意修改随后的cert
搜索SSLCertificateKeyFile并将：（107行）SSLCertificateKeyFile “/usr/local/apache/conf/server.key”改为：SSLCertificateKeyFile “/usr/local/apache/conf/ssl.key/server.key”
4、重启apache# service httpd startApache/2.2.21 mod_ssl/2.2.21 (Pass Phrase Dialog)Some of your private key files are encrypted for security reasons.In order to read them you have to provide the pass phrases.Server www.example.com:443 (RSA)Enter pass phrase:OK: Pass Phrase Dialog successful.




楼主说看贴不回JJ小！男人都懂的