Apache Configuration HTTPS

Apache Configuration HTTPS
First, Yum installs OpenSSL and Openssl-devel,httpd-devel

Second, generate the certificate:
OpenSSL genrsa-des3 1024x768 >/usr/local/apache/conf/server.key establishing a Server key
OpenSSL rsa-in/usr/local/apache/conf/server.key >/usr/local/apache/conf/server2.key remove password from key (to avoid asking for password after system boot)
Mv/usr/local/apache/conf/server2.key/usr/local/apache/conf/server.key
OpenSSL REQ-NEW-KEY/USR/LOCAL/APACHE/CONF/SERVER.KEY-OUT/USR/LOCAL/APACHE/CONF/SERVER.CSR establishing a server key request file
5>openssl x509-in/usr/local/apache/conf/server.csr-out/usr/local/apache/conf/server.crt-req-signkey/usr/ Local/apache/conf/server.key-days 365 establishing a server certificate

Third, modify the Apache configuration file httpd.conf

To open the SSL module:
LoadModule Ssl_module modules/mod_ssl.so

Introduce SSL configuration files and increase support for SSL:
Include conf/extra/httpd-ssl.conf (Remove comments from the beginning of the line)

Start redirection (optional), automatically redirect to HTTPS with user HTTP access, and add the following at the end of the httpd.conf file:
<ifmodule rewrite_module>

Rewriteengine on

Rewritecond%{server_port}!^443$

Rewriterule ^/? (. *) $ https://%{server_name}/$1 [L,r]
</IfModule>

Iv. Modifying encrypted files httpd-ssl.conf, configuring certificates and keys
Sslcertificatefile "/USR/LOCAL/APACHE/CONF/SERVER.CRT"
Sslcertificatekeyfile "/usr/local/apache/conf/server.key"

V. Restart Apache
/usr/local/apache/bin/apachectl-k restart
Enter the https://domain name in the browser, if you can access it correctly, it indicates that HTTPS has been configured successfully.

Start Apache encounters the following problem:
Invalid command ' Sslpassphrasedialog ', perhaps misspelled or defined by a module no included in the server configuration
Execute below the Apache Bin directory./httpd-l See if there is a mode_ssl.c, this error indicates that the SSL module installation was unsuccessful.
Workaround:
1. Recompile Apache, plus--enable-ssl--with-ssl parameters

2, add the SSL module to the already compiled Apache
First, use the Whereis OpenSSL command to get the path to Lib and include
[Email protected]/usr/local/apache/modules]# Whereis OpenSSL
OpenSSL:/usr/bin/openssl/usr/lib/openssl/usr/include/openssl/usr/share/man/man1/openssl.1ssl.gz
Then under the Apache Source Modules/ssl folder, use the command/usr/sbin/apxs-i-a-d have_openssl=1-i/usr/include/openssl/-l/usr/lib/openssl/-C *.C-LCRYPTO-LSSL-LDL (Apxs need to install http-devel only, though, I still did not compile successfully, so I have compiled this module on the machine to copy mod_ssl.so to the Apache module directory/usr/local/ Apache/modules)

Reference: http://blog.csdn.net/zilong00007/article/details/7285895

http://blog.csdn.net/newjueqi/article/details/9855307

Apache Configuration HTTPS