apache之https域名证书配置

一.环境:
系统版本是CentOS release 6.8 (Final) x86_64位最小化安装
服务器内核版本:
[root@localhost conf.d]# uname -a
Linux localhost.localdomain 2.6.32-642.15.1.el6.x86_64 #1 SMP Fri Feb 24 14:31:22 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

apache 是采用yum 安装
yum install httpd -y
apache 版本如下:
[root@localhost ~]# httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Jan 12 2017 17:09:39

二.apache默认的ssl.conf配置文件参数如下:
2.1并配置单个域名证书:
[root@cacti httpd]# cat /etc/httpd/conf.d/ssl.conf |egrep -v “#|"LoadModulesslmodulemodules/modssl.soListen443SSLPassPhraseDialogbuiltinSSLSessionCacheshmcb:/var/cache/modssl/scache(512000)SSLSessionCacheTimeout300SSLMutexdefaultSSLRandomSeedstartupfile:/dev/urandom256SSLRandomSeedconnectbuiltinSSLCryptoDevicebuiltin<VirtualHostwww.onecity.com.cn:443>ErrorLoglogs/sslerrorlogTransferLoglogs/sslaccesslogLogLevelwarnSSLEngineonSSLProtocolallSSLv2SSLCipherSuiteDEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DESSSLCertificateFile/etc/pki/tls/certs/2www.onecity.com.cn.crtSSLCertificateKeyFile/etc/pki/tls/private/3www.onecity.com.cn.keySSLCertificateChainFile/etc/pki/tls/certs/1rootbundle.crt<Files "(˙cgishtmlphtmlphp3?)" LoadModule ssl_module modules/mod_ssl.so Listen 443 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin <VirtualHost www.onecity.com.cn:443> ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES SSLCertificateFile /etc/pki/tls/certs/2_www.onecity.com.cn.crt SSLCertificateKeyFile /etc/pki/tls/private/3_www.onecity.com.cn.key SSLCertificateChainFile /etc/pki/tls/certs/1_root_bundle.crt <Files ~ "\.(cgi|shtml|phtml|php3?)”>
SSLOptions +StdEnvVars
</Files>
<Directory “/var/www/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent “.MSIE.
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”
</VirtualHost>
以上测试可以https正常访问。

沃通https域名证书申请参考文档:
 https://bbs.wosign.com/forum.php?mod=viewthread&tid=2998&extra=page%3D1
同时腾讯云上可以申请免费的https证书使用一年。

2.2申请多个域名共用一个https证书并在apache ssl.conf配置文件配置:

n.dksj.com o.cpxc.com n.pubbf.com n.wikith.com 四个域名申请共用一个证书:
c.bc12yc.com.crt c.bc12yc.com.key root_bundle.crt
配置多域名共用一个证书配置文件如下:
[root@localhost conf.d]# cat /etc/httpd/conf.d/ssl.conf.2017-12-09 |egrep -v “#|"LoadModulesslmodulemodules/modssl.soListen443SSLPassPhraseDialogbuiltinSSLSessionCacheshmcb:/var/cache/modssl/scache(512000)SSLSessionCacheTimeout300SSLMutexdefaultSSLRandomSeedstartupfile:/dev/urandom256SSLRandomSeedconnectbuiltinSSLCryptoDevicebuiltin<VirtualHostdefault:443>DocumentRoot"/data/code"ServerNamen.dksj.com:443ServerNameo.cpxc.com:443ServerNamen.pubbf.com:443ServerNamen.wikith.com:443ErrorLoglogs/sslerrorlogLogLevelwarnSSLEngineonSSLProtocolallSSLv2SSLv3SSLCipherSuiteAESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;SSLCertificateFile/etc/pki/tls/certs/c.bc12yc.com.crtSSLCertificateKeyFile/etc/pki/tls/private/c.bc12yc.com.keySSLCertificateChainFile/etc/pki/tls/certs/rootbundle.crt<Files "(˙cgishtmlphtmlphp3?)" LoadModule ssl_module modules/mod_ssl.so Listen 443 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin <VirtualHost _default_:443> DocumentRoot "/data/code" ServerName n.dksj.com:443 ServerName o.cpxc.com:443 ServerName n.pubbf.com:443 ServerName n.wikith.com:443 ErrorLog logs/ssl_error_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL; SSLCertificateFile /etc/pki/tls/certs/c.bc12yc.com.crt SSLCertificateKeyFile /etc/pki/tls/private/c.bc12yc.com.key SSLCertificateChainFile /etc/pki/tls/certs/root_bundle.crt <Files ~ "\.(cgi|shtml|phtml|php3?)”>
SSLOptions +StdEnvVars
</Files>
<Directory “/var/www/cgi-bin”>
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent “.MSIE.
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”
</VirtualHost>

以上配置文件经测试可以使用

posted @   勤奋的蓝猫  阅读(1)  评论(0编辑  收藏  举报  
相关博文:
阅读排行:
· DeepSeek “源神”启动!「GitHub 热点速览」
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· 我与微信审核的“相爱相杀”看个人小程序副业
· C# 集成 DeepSeek 模型实现 AI 私有化(本地部署与 API 调用教程)
· DeepSeek R1 简明指南:架构、训练、本地部署及硬件要求
点击右上角即可分享
微信分享提示