Apache 配置https 自签名证书 或者 购卖证书 _fei

Apache  配置https 自签名证书  或者 购卖证书

购卖证书配置

<VirtualHost _default_:443>
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLHonorCipherOrder on
    SSLCertificateFile       /data/server/apache/conf/extra/cert/a_public.crt
    SSLCertificateKeyFile    /data/server/apache/conf/extra/cert/a.key
    SSLCertificateChainFile  /data/server/apache/conf/extra/cert/a_chain.crt

    ServerName 你的域名:443
    DocumentRoot "/data/web/web01/"
    <Directory /data/web/web01/>
        Options FollowSymlinks
        DirectoryIndex index.php
        Allow from all
        AllowOverride All
        Require all granted
    </Directory>
    SSLEngine on
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/data/server/apache/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    CustomLog "/data/server/apache/logs/ssl_request_log" \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

 

自签名证书

利用 openssl 自己生成

#私钥
openssl genrsa -out server.key 2048

#自签名证书
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -extensions usr_cert
执行后,遇到 Common Name (e.g. server FQDN or YOUR name) []:  填写你需要的域名或者ip


-----------------
openssl genrsa -out 127_0_0_1_server.key 2048
openssl req -new -x509 -nodes -sha1 -days 3650 -key 127_0_0_1_server.key -out 127_0_0_1_server.crt -extensions usr_cert

 

其他参考地址:  

Apache 2.4自签名证书及客户端SSL认证

Apache2.4.7配置Https

OpenSSL命令详解