CentOS下httpd 2.4.7配置https

通過http協議傳輸的數據都是明文的，很容易被竊聽。很多時候需要在網上傳輸口令，這個時候就需要對信息進行加密，對HTTP傳輸進行加密的協議就是HTTPS，它是通過SSL進行HTTP傳輸的協議。

我們現在已經有了httpd環境，可參考(http://fengwan.blog.51cto.com/508652/1360429)

在編譯過程中需要加上參數--enable-ssl

[root@NFSServer httpd-2.4.7]# ./configure \

>--prefix=/webserver/httpd\

>--sysconfdir=/webserver/httpd/conf\

>--enable-so \

>--enable-rewirte \

>--enable-ssl \

>--enable-cgi \

>--enable-cgid \

>--enable-modules=most \

>--enable-modules-shared=most \

>--enable-mpms-shared=all \

>--with-apr=/webserver/apr\

>--with-apr-util=/webserver/apr-util

1.環境準備

1.openssl安裝

[root@WebServer ~]# yum -y install openssl openssl-devel

2.創建密碼文件

[root@WebServer ~]# openssl genrsa -out server.key 1024
[root@WebServer ~]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:GuangDong
Locality Name (eg, city) [Default City]:GuangZhou
Organization Name (eg, company) [Default Company Ltd]:Test
Organizational Unit Name (eg, section) []:Test
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:ca
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@WebServer ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

執行上述命令後將產生3個文件，分別是server.key、server.csr和server.crt ,接着將3個文件複製到/webserver/httpd/conf/ca

[root@WebServer ~]# mkdir /webserver/httpd/conf/ca/
[root@WebServer ~]# cp -r server.* /webserver/httpd/conf/ca/

3.修改 /webserver/httpd/conf/extra/httpd-ssl.conf

[root@WebServer ~]# vim /webserver/httpd/conf/extra/httpd-ssl.conf
//修改一下位置
SSLCertificateFile "/webserver/httpd/conf/ca/server.crt"
SSLCertificateKeyFile "/webserver/httpd/conf/ca/server.key"

4.修改/webserver/httpd/conf/httpd.conf加載ssl_module和socache_shmcb_module

[root@WebServer ~]# vim /webserver/httpd/conf/httpd.conf
//將一下2句前面的#刪除，或者直接將下面這2句加入配置文件
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so

如果沒有加載socache_shmcb_module將出現

[root@WebServer ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: AH00526: Syntax error on line 76 of /webserver/httpd/conf/extra/httpd-ssl.conf:
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
                                                           [FAILED]

5.重啓httpd服務即可

[root@WebServer ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

6.測試