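Because this is a local development environment, the secure connection uses a self-signed certificate, that is, one not signed by any certificate authority. It is therefore suitable only for local development, not for a commercial environment.
Once you have confirmed that the mod_ssl module is installed and working, the Apache configuration directory contains the following 5 directories:
ssl.crl : directory for revoked certificates
ssl.crt : directory for valid certificates
ssl.csr : directory for certificate signing requests
ssl.key : the private keys are stored here
ssl.prm : stores the parameters needed when generating keys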
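Creating the key
In the ssl.key directory, create a key without a passphrase (use at least 2048 bits; 1024-bit RSA is no longer considered adequate):
openssl genrsa -out www.crazysquirrel.com.key 2048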
Create the certificate signing request:
openssl req -new -key www.crazysquirrel.com.key -out ../ssl.csr/www.crazysquirrel.com.csr
Self-sign the certificate (still from the ssl.key directory):
openssl x509 -in ../ssl.csr/www.crazysquirrel.com.csr -out ../ssl.crt/www.crazysquirrel.com.crt -req -signkey ../ssl.key/www.crazysquirrel.com.key -days 365
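The following script is an added example, not part of the original page: it runs the key, CSR and self-signing steps in a scratch directory and then checks that the certificate matches the key and is really self-signed, which is worth confirming before Apache is pointed at the files. The function names and the /CN subject are assumptions of this example.

```shell
#!/bin/sh
# Added example: the key -> CSR -> self-signed certificate steps, run in a
# scratch directory that mirrors the ssl.key / ssl.csr / ssl.crt layout.

# make_selfsigned BASE_DIR HOSTNAME
make_selfsigned() {
    base=$1; host=$2
    mkdir -p "$base/ssl.key" "$base/ssl.csr" "$base/ssl.crt" || return 1
    # The key has no passphrase, so file permissions are its only protection:
    # create it under a restrictive umask (owner read/write only).
    ( umask 077
      openssl genrsa -out "$base/ssl.key/$host.key" 2048 2>/dev/null ) || return 1
    # -subj answers the interactive prompts; CN must be the name clients use.
    openssl req -new -key "$base/ssl.key/$host.key" -subj "/CN=$host" \
        -out "$base/ssl.csr/$host.csr" || return 1
    openssl x509 -req -in "$base/ssl.csr/$host.csr" \
        -signkey "$base/ssl.key/$host.key" -days 365 \
        -out "$base/ssl.crt/$host.crt" 2>/dev/null
}

# cert_matches_key CRT KEY: succeeds only if both hold the same public key.
# A mismatched pair in SSLCertificateFile / SSLCertificateKeyFile keeps
# Apache from starting, so check before restarting.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# is_self_signed CRT: subject equals issuer and the signature verifies
# against the certificate's own public key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer) || return 1
    [ "${subj#subject=}" = "${iss#issuer=}" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}
```

Source the file, call make_selfsigned with a scratch directory and the host name, then run the two checks on the resulting .crt and .key files.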
Add the configuration options and restart Apache:
Add the following to httpd.conf:
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/www.crazysquirrel.com.crt
SSLCertificateKeyFile /etc/apache/ssl.key/www.crazysquirrel.com.key
Add the listening ports:
Listen 80
Listen 443
Restart Apache.
Virtual host configuration:
<VirtualHost 1.2.3.4:443>
ServerAdmin [email protected]
DocumentRoot /somewhere/crazysquirrel.com
ServerName www.crazysquirrel.com
ErrorLog /var/log/apache/error.log
CustomLog /var/log/apache/crazysquirrel.log combined
SSLEngine on
SSLCertificateFile /etc/apache/ssl.crt/www.crazysquirrel.com.crt
SSLCertificateKeyFile /etc/apache/ssl.key/www.crazysquirrel.com.key
SSLLog /var/log/apache/crazysquirrel_ssl.log
SSLLogLevel warn
</VirtualHost>