为了简单明了,先采用RPM包的方式安装Apache服务器。
# cd /misc/cd/RedHat/RPMS/ //进入光盘的包存放目录
# rpm -ivh rpmdb-redhat-4-0.20070421.i386.rpm //安装这个包的目的是便于解决有些程序的依赖性关系
# rpm -ivh rpmdb-redhat-4-0.20070421.i386.rpm //安装这个包的目的是便于解决有些程序的依赖性关系
# rpm -ivh --aid httpd-2.0.52-32.ent.i386.rpm //加--aid自动解决包的依赖性关系,因此前面已经安装了rpmdb包
# rpm -ivh mod_ssl-2.0.52-32.ent.i386.rpm //安装这个包的目的是实现https
# echo 'this is my first page!' > /var/www/html/index.html //新建一个默认主页放到apache定义的默认主目录中
# service httpd start //启动服务器
在浏览器中输入 https://服务器IP 安装证书就可以实现安全的HTTP了。
但是这时候的证书是mod_ssl自动生成的,信息并不是我们自己想要的!所以我们可以用下面的方法制作自己的证书。
# cd /etc/httpd/conf //进入apache配置文件存放目录
# rm -f ssl.*/server.* //将mod_ssl自动安装的相关证书和签名文件删除
# openssl genrsa -des3 1024 > ssl.key/server.key //生成私钥文件(Private Key)该文件要求输入口令。
# openssl rsa -in ssl.key/server.key -out ssl.key/server.key //如果不想使用口令可以去掉,这时会要求输入生成时设置的口令。
# rm -f ssl.*/server.* //将mod_ssl自动安装的相关证书和签名文件删除
# openssl genrsa -des3 1024 > ssl.key/server.key //生成私钥文件(Private Key)该文件要求输入口令。
# openssl rsa -in ssl.key/server.key -out ssl.key/server.key //如果不想使用口令可以去掉,这时会要求输入生成时设置的口令。
# openssl req -new -key ssl.key/server.key -out ssl.csr/server.csr //生成证书签名请求文件(Certificate Signing Request)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CH //输入国家名称
State or Province Name (full name) [Berkshire]:BeiJing //省名
Locality Name (eg, city) [Newbury]:Beijing //城市
Organization Name (eg, company) [My Company Ltd]:XHCE //组织名称
Organizational Unit Name (eg, section) []:BJXH //单位名称
Common Name (eg, your name or your server's hostname) []:[url]http://yuan2.blog.51cto.com[/url] //根据具体情况填写
Email Address []:weisheng213@126.com //邮箱
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CH //输入国家名称
State or Province Name (full name) [Berkshire]:BeiJing //省名
Locality Name (eg, city) [Newbury]:Beijing //城市
Organization Name (eg, company) [My Company Ltd]:XHCE //组织名称
Organizational Unit Name (eg, section) []:BJXH //单位名称
Common Name (eg, your name or your server's hostname) []:[url]http://yuan2.blog.51cto.com[/url] //根据具体情况填写
Email Address []:weisheng213@126.com //邮箱
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //质询密码,可以不写
An optional company name []: //可以不写
to be sent with your certificate request
A challenge password []: //质询密码,可以不写
An optional company name []: //可以不写
# openssl x509 -in ssl.csr/server.csr -out ssl.crt/server.crt -req -signkey ssl.key/server.key -days 365 //让服务器自己当证书签名服务器,安全电子商务中需要向第三方商业机构申请。
Signature ok
subject=/C=CH/ST=BeiJing/L=Beijing/O=XHCE/OU=BJXH/CN=http://yuan2.blog.51cto.com/emailAddress=weisheng213@126.com
Getting Private key
Signature ok
subject=/C=CH/ST=BeiJing/L=Beijing/O=XHCE/OU=BJXH/CN=http://yuan2.blog.51cto.com/emailAddress=weisheng213@126.com
Getting Private key
# vi ../conf.d/ssl.conf //编辑mod_ssl的主配置文件将
#DocumentRoot "/var/www/html" 前面的#号去掉
# service httpd restart //重启apache服务器以读取新的证书信息
在客户端输入服务器的地址测试得到下面的信息:
点击查看证书得到面结果:
安装好证书就可以实现安全HTTP了!
本文转自Y.weisheng 51CTO博客,原文链接:http://blog.51cto.com/yuan2/93586,如需转载请自行联系原作者
