Apache Open SSL Service Tutorial

1, first please confirm that your Apache server has installed encryption module, can be OpenSSL, or openssl+modssl.

If your Apache Web server is installed on a UNIX or Linux platform, you can obtain OpenSSL from the following URLs:

http://www.openssl.org/source/

If your Apache Web server is running on a Windows platform, you can get OpenSSL + Modssl on the following Web site:

http://www.modssl.org/contrib/

2, through the OpenSSL to the Apache server to generate a key pair (key pair)

# OpenSSL Req-new-nodes-keyout private.key-out PUBLIC.CSR

Here you need to answer some questions based on your Apache server's actual information: Country name (Country name), provincial or intercontinental (state or province name), local name (locality name), organization name ( Organization name, organizational unit name (organization), universal name (Common name), email address (email name), private key protection password (a challenge password), Optional company name (a opentional name).

It is important to note here that the name of the country must be the standard abbreviation, China is CN; The universal name must be the FQDN.

3, then, in your current directory will produce two files: Private.key and PUBLIC.CSR.

Private.key is your private key, PUBLIC.CSR is the certificate request file.

4, visit http://demo.sheca.com/testca/TCert1/tcert.asp, apply for a free web site certificate, free only 15 days of the use of the time yo. Put the PUBLIC.CSR request file content into the application page, complete the certificate application work.

5. After applying for the certificate, copy the certificate file to the directory where you just saved your private key and request file.

6, now configure your Apache server http.conf file, open the HTTPS service.

Use an editor (Unix or Linux) to use Vi,windows with Notpad. Please do not use word processing software, such as words, because it will include some invisible control characters.

Add the following:

Sslcertificatefile/etc/ssl/crt/public.der

Sslcertificatekeyfile/etc/ssl/crt/private.key

Please modify the above content according to your certificate and the actual address of your private key.

7, restart your Apache server. You can do this by starting the script.

# Apachectl Stop

# Apachectl Startssl

In this way, your Apache server's 80 and 443 ports are serviced at the same time.