Apache Server Configuration HTTPS

Https://startssl.com This site can provide us with a trusted HTTPS certificate for free, here is a brief introduction to the configuration process.
First the server needs to install the Mod_ssl.so module for OpenSSL and Apache, and the module needs to be opened in httpd.conf.
By doing this, you can use OpenSSL to generate your own certificate.
Here's some knowledge you need to know.
HTTPS throughout the service, you need to understand the role of these files:

    server.key 服务器的私钥    server.crt 服务器的证书文件    server.csr 服务器证书请求文件    root.crt   根证书

These files are generated in this way
Run first

    openssl req -new -nodes -keyout chorder.net.key -out chorder.net.csr

Generating a server certificate and a server certificate request file, you will be asked to enter many information and passwords about the certificate.
After this step is completed, two files are generated, Chorder.net.key and CHORDER.NET.CSR
Register your account on the STARTSSL website and submit your generated. CSR file so that Startssl generates a
Server certificate and Root certificate.
Copy the two. CRT-terminated certificates to the server's/etc/pki/tls/certs/, and copy the. Key and. CSR files to/etc/pki/tls/private/. (for CentOS server only, other servers please Baidu).
You will also need to link the CERT.PEM (if not one) under/etc/pki/tls/to/ETC/PKI/TLS/CERTS/ROOT.CRT
This will not be reported sec_error_unknown_issuer this error when it is accessed in Firefox browser.
This CERT.PEM is a certificate chain, and only if your server certificate is included in the certificate chain of the STARTSSL Web site will the client consider your certificate to be trustworthy.

Finally, modify the two files.
One is/etc/httpd/conf.d/ssl.conf, modify the following content

Specifying server certificates

    SSLCertificateFile /etc/pki/tls/certs/chorder.net.crt

Specify the server private key

    SSLCertificateKeyFile /etc/pki/tls/private/chorder.net.key

Specify the server certificate chain (from start COM)

    SSLCertificateChainFile /etc/pki/tls/certs/root-bundle.crt

Then modify the/etc/httpd/conf/httpd.conf file to create the configuration for your host (I am a virtual host)
My configuration is as follows

    NameVirtualHost *:443    <VirtualHost *:443>        SSLEngine on        SSLCertificateFile /etc/pki/tls/certs/chorder.net.crt        SSLCertificateKeyFile /etc/pki/tls/private/chorder.net.key        SSLCertificateChainFile /etc/pki/tls/cert.pem        ServerName chorder.net        ServerAdmin ×××××        DocumentRoot ×××××        ErrorLog ×××××        CustomLog ×××××    </VirtualHost>

The HTTP configuration file is actually a few extra lines.
After configuring these, restart the service and complete.
In addition, if you want to access your domain directly to the HTTPS port, you can write a JS to jump, if you feel
Writing the code is too cumbersome, you can add these two lines to the root directory of the. htaccess file to help you jump automatically:

    RewriteCond %{SERVER_PORT} !^443$    RewriteRulehttps://%{SERVER_NAME}/$1 [R]

That is, the default port is specified as 443, and all HTTP requests are rewritten as HTTPS.

Apache Server Configuration HTTPS