Apache 搭建HTTPS Virtual Host
1.创建SSL证书
首先需要安装openssl,linux系统默认已安装,如没有则用以下命令安装:
sudo apt-get install openssl
sudo apt-get install libssl-dev
创建证书:
cd /etc/ssl/private
sudo openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout demo.key -out demo.crt
参数说明:
-x509 显示证书和签名工具
-days 证书的有效期
-sha1 证书加密算法
-newkey rsa:1024 创建一个新key,1024表示公钥长度为1024bits
命令执行完会创建demo.key与demo.crt
更多参数说明可以参考:http://www.openssl.org/docs/apps/openssl.html
创建步骤:
|
root@ubuntu:/etc/ssl/private# sudo openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout demo.key -out demo.crt
Generating a 1024 bit RSA private key
.......++++++
...........++++++
writing new private key to 'demo.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GD
Locality Name (eg, city) []:GZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:fdipzone.Ltd
Organizational Unit Name (eg, section) []:test
Common Name (eg, YOUR name) []:demo.fdipzone.com
Email Address []:fdipzone@gmail.com
root@ubuntu:/etc/ssl/private#
|
需要填写的项目:
|
Country Name (2 letter code) [AU]: 国家
State or Province Name (full name) [Some-State]:省份
Locality Name (eg, city) []:城市
Organization Name (eg, company) [Internet Widgits Pty Ltd]:公司名称
Organizational Unit Name (eg, section) []: 组织单位名称
Common Name (eg, YOUR name) []: 填写域名
Email Address []:电邮地址
|
2.创建Virtual Host
|
<VirtualHost *:443>
DocumentRoot /home/fdipzone/demo
ServerName demo.fdipzone.com
<Directory "/home/fdipzone/demo">
allow from all
AllowOverride all
Options -Indexes FollowSymLinks
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/private/demo.crt
SSLCertificateKeyFile /etc/ssl/private/demo.key
SSLCipherSuite AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
</VirtualHost>
|
开启SSL Engine及设置使用的证书,端口443
SSLEngine on
SSLCertificateFile /etc/ssl/private/demo.crt
SSLCertificateKeyFile /etc/ssl/private/demo.key
最新内容请见作者的GitHub页:http://qaseven.github.io/
