Implementing HTTPS with Linux + Apache + OpenSSL
apache2.0 https
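First install OpenSSL, then compile and install Apache, then configure the certificate.
1. Download Apache and OpenSSL from: http://www.apache.org http://www.openssl.org
2. Unpack:
# tar zxvf httpd-2.0..tar.gz
# tar zxvf openssl-0.9.7g.tar.gz
3. Compile and install OpenSSL; this software is mainly used to generate the certificate:
# cd openssl-0.9.7g
# ./config
# make
# make test
# make install
Link openssl into /usr/local/bin, a directory on the PATH, so that it can be run from any directory:
# cd /usr/local/bin
# ln -s /usr/local/ssl/bin/openssl openssl
4. Compile and install Apache (--with-ssl takes the OpenSSL installation prefix, here /usr/local/ssl, not its bin directory):
# cd /opt/httpd-2.0.
# ./configure --prefix="/opt/apache2" --enable-so --enable-ssl --with-ssl="/usr/local/ssl"
# make
# make install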
5. With the installation complete, generate the certificate.
Create an ssl.key directory under /opt/apache2/conf:
# cd ../apache2/
# cd conf/
# mkdir ssl.key
Then generate the certificate in that directory:
# cd ssl.key/
Generate the server private key:
# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
.................................................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
Generate the server certificate signing request, filling in the certificate details as prompted:
# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:tangyl@ruyi.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Sign the certificate (self-signed with the server key):
# openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/emailAddress=tangyl@ruyi.com
Getting Private key
Enter pass phrase for server.key:
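For security, set the permissions of these files to 400:
# chmod 400 server.key
# chmod 400 server.crt
Finally, edit /opt/apache2/conf/ssl.conf:
# vi /opt/apache2/conf/ssl.conf
Change the following places (SSLCertificateFile at line 108 and SSLCertificateKeyFile at line 116):
    #SSLCertificateFile /opt/apache2/conf/ssl.crt/server.crt
    SSLCertificateFile /opt/apache2/conf/ssl.key/server.crt
    #SSLCertificateFile /opt/apache2/conf/ssl.crt/server-dsa.crt
    SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server.key
    #SSLCertificateKeyFile /opt/apache2/conf/ssl.key/server-dsa.key
That completes the basic SSL configuration. Now start Apache with SSL:
# /opt/apache2/bin/apachectl start
You are then asked for the certificate pass phrase; once it is entered correctly, SSL starts together with Apache.
Enter the following in the browser: https://localhost
The browser asks you to download the certificate. OK, all done, finished; it is that simple.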
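The steps above generate a 1024-bit RSA key and a self-signed certificate and then point ssl.conf at them. The following shell script is an added example, not part of the original article: it audits such a pair before Apache is started, checking that the certificate belongs to the key, that the RSA key is at least 2048 bits (1024-bit RSA, as generated above, is no longer considered adequate), that the certificate has not expired, and that the key file is not readable by group or other. The function names, the script name audit.sh and the KEY_PASS variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an RSA key/certificate pair before ssl.conf uses it.
# KEY_PASS (assumed name) holds the key pass phrase; empty for a plain key.

# Print the size in bits of the public key inside certificate $1.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# audit_pair KEY CERT [MIN_BITS]  -> 0 if all checks pass, otherwise:
#   1 certificate does not match key   2 key shorter than MIN_BITS
#   3 certificate expired              4 key readable by group/other
audit_pair() {
    key=$1; cert=$2; min_bits=${3:-2048}
    KEY_PASS=${KEY_PASS:-}; export KEY_PASS

    # Public key derived from the private key must equal the certificate's.
    key_pub=$(openssl pkey -in "$key" -passin env:KEY_PASS -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ] || return 1

    # The 1024-bit key from the walkthrough fails this with the default.
    bits=$(cert_bits "$cert")
    [ "${bits:-0}" -ge "$min_bits" ] || return 2

    # -checkend 0 exits non-zero once the notAfter date has passed.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 3

    # For mode 400 or 600, characters 5-10 of the ls mode string are dashes.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 4
    return 0
}

# Build a throwaway self-signed pair (constructed sample data).
# $1 = directory, $2 = key size in bits, $3 = file name prefix
make_sample_pair() {
    openssl genrsa -out "$1/$3.key" "$2" 2>/dev/null &&
    openssl req -new -x509 -key "$1/$3.key" -subj "/CN=localhost" \
        -days 700 -out "$1/$3.crt" 2>/dev/null &&
    chmod 400 "$1/$3.key" "$1/$3.crt"
}

# Usage: sh audit.sh /opt/apache2/conf/ssl.key/server.key /opt/apache2/conf/ssl.key/server.crt
if [ "$#" -ge 2 ]; then
    audit_pair "$@"
    echo "audit_pair exit code: $?"
fi
```

For a pass-phrase-protected key such as the one created with -des3 above, export KEY_PASS before running the script so that openssl does not stop to prompt.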
References: http://www.szlangxing.com/Article/gyw/200504/524.html http://www.chinaunix.net/jh/13/469276.html