References:
http://wiki.centos.org/zh-tw/HowTos/Https
http://120.105.184.250/cswang/thit/Linux/AdvApache-SSL.htm
http://www.weithenn.org/cgi-bin/wiki.pl?SSL_Certificate-%E8%87%AA%E8%A1%8C%E7%94%A2%E7%94%9F_SSL_%E6%86%91%E8%AD%89
http://www.l-penguin.idv.tw/article/apache-ssl.htm
http://bojack.pixnet.net/blog/post/29718009-%E3%80%90freebsd%E3%80%91apache-%2B-ssl-%E6%86%91%E8%AD%89%E8%A3%BD%E4%BD%9C
Install the SSL packages
yum install mod_ssl openssl
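Generate the SSL certificate
# Generate the private key (2048-bit; 1024-bit RSA is too weak for current use)
openssl genrsa -out ca.key 2048
# Generate the CSR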
openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:TW // country code; Taiwan is TW
State or Province Name (full name) [Berkshire]:Taiwan R.O.C // country name; for Taiwan enter Taiwan
Locality Name (eg, city) [Newbury]:Taipei // locality name
Organization Name (eg, company) [My Company Ltd]:FORMOSA // organization name
Organizational Unit Name (eg, section) []:FORMOSA RD // department name
Common Name (eg, your name or your server's hostname) []:wbkuo.twbbs.org // name of the certificate (usually the site's address)
Email Address []:abc@def.com.tw // contact e-mail of the requesting organization
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(press Enter to skip) // password for the request
An optional company name []:(press Enter to skip) // name of the company handling the certificate on your behalf
# Generate the self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
Next, we need to update the Apache SSL configuration file:
vim /etc/httpd/conf.d/ssl.conf
Change the path to where the certificate file is stored. If you followed the steps above, this will be:
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Then, a few lines further down, set the correct path for the certificate key file. If you followed the instructions above, this will be:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Save and exit the file, then restart Apache:
/etc/init.d/httpd restart
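The key, CSR and self-signed certificate steps above, as an added example that is not part of the original post: it runs them non-interactively in a scratch directory, keeps the private key unreadable to other users, and checks that the key really belongs to the certificate before anything is copied under /etc/pki/tls. The function names, the scratch directory and the subject string are assumptions made for the example.

```shell
#!/bin/sh
# Added example: the page's key -> CSR -> self-signed certificate steps,
# run non-interactively. File names (ca.key, ca.csr, ca.crt) follow the page;
# function names, scratch directory and subject are assumptions.

# make_selfsigned DIR SUBJECT: create ca.key, ca.csr and ca.crt in DIR.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_selfsigned() (
    umask 077                       # private key is created mode 600
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$1/ca.key" -subj "$2" -out "$1/ca.csr" &&
    openssl x509 -req -sha256 -days 365 -in "$1/ca.csr" \
        -signkey "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
)

# key_bits KEY: print the RSA modulus size in bits (hex digits * 4).
key_bits() {
    m=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 2
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

# pair_matches CERT KEY: succeed only when KEY is the private key for CERT.
# A mismatch between SSLCertificateFile and SSLCertificateKeyFile stops
# Apache from starting, so check before copying files and restarting.
pair_matches() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 2
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Demo in a scratch directory with a constructed subject; nothing under
# /etc is touched.
work=$(mktemp -d)
if make_selfsigned "$work" "/C=TW/ST=Taiwan/L=Taipei/O=Example/CN=www.example.test" &&
   pair_matches "$work/ca.crt" "$work/ca.key"; then
    echo "ca.key: $(key_bits "$work/ca.key") bits, matches ca.crt"
else
    echo "key/certificate generation or match check failed" >&2
fi
rm -rf "$work"
```
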
Configure the website
# vim /etc/httpd/conf.d/ssl.conf
Same as the VirtualHost configuration in httpd.conf (explanation to be added)
The above was tested on:
CentOS 5.8
openssl-0.9.8e-26.el5_9.1