1. 安装mod_gnutls
|
1
2
3
4
5
6
|
# yum install httpd-devel gnutls-devel
# wget http:
//www.outoforder.cc/downloads/mod_gnutls/mod_gnutls-0.2.0.tar.bz2
# tar -xjvf mod_gnutls-
0.2
.
0
.tar.bz2
# cd mod_gnutls-
0.2
.
0
# ./configure --prefix=/usr
# make
|
如果要安装高版本的gnutls的话,需要先安装相对应的依赖包libnettle gmplib。下载地址:http://www.gnutls.org/download.html ftp://ftp.gnutls.org/gcrypt/gnutls
2. apache加载mod_gnutls模块
|
1
2
|
# cp mod_gnutls-0.2.0/src/.libs/libmod_gnutls.so /usr/lib/httpd/modules/mod_gnutls.so
# cp mod_gnutls-0.2.0/data/{dh,rsa}file /etc/httpd/conf/
|
mod_gnutls模块依赖dhfile和rsafile文件
这里要说下 必须安装gnutls-utils 这个包,因为要生成dhfile和rsafile需要用certtool工具,而这个工具是包含在gnutls-utils里的,不安装的话,再make的时候,会报错
3. 配置httpd.conf
|
1
2
3
4
5
6
7
|
Listen 10.1.1.22:443
LoadModule gnutls_module modules
/mod_gnutls
.so
AddType application
/x-x509-ca-cert
.crt
AddType application
/x-pkcs7-crl
.crl
GnuTLSCache dbm
"/var/cache/mod_gnutls_cache"
GnuTLSCacheTimeout 300
NameVirtualHost 10.1.1.22:443
|
创建回话缓存目录
|
1
2
|
# mkdir -m 0700 /var/cache/mod_gnutls_cache
# chown nobody.nobody /var/cache/mod_gnutls_cache
|
4. 配置虚拟主机
|
1
2
3
4
5
6
7
|
<VirtualHost 10.1.1.22:443>
ServerName www.ttlsa.com:443
GnuTLSEnable on
GnuTLSCertificateFile .
/ssl/www
.ttlsa.com.public.cer
GnuTLSKeyFile .
/ssl/www
.ttlsa.com.private.key
DocumentRoot
"/data/wwwroot/www.ttlsa.com/webroot"
<
/VirtualHost
>
|
|
1
2
3
4
5
6
|
ServerName www.heytool.com:443
GnuTLSEnable on
GnuTLSCertificateFile .
/ssl/www
.heytool.com.public.cer
GnuTLSKeyFile .
/ssl/www
.heytool.com.private.key
DocumentRoot
"/data/wwwroot/www.heytool.com/webroot"
<
/VirtualHost
>
|
这样访问每个虚拟主机都正常。
参考文档:http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-with-mod_gnutls/
本文转自wks9751CTO博客,原文链接:
http://blog.51cto.com/wks97/1600075
,如需转载请自行联系原作者
