Introduction: This page describes Apache SSL encryption configuration in detail.
The certificate used by SSL can be generated yourself, or signed by a commercial CA (such as Verisign or Thawte). On issuing a certificate: if you are using a commercial certificate, refer to the vendor's instructions for the specific signing procedure; if you are issuing the certificate yourself, you can use the CA.sh script tool that ships with OpenSSL. If no separate certificate is issued for the client, a client certificate does not need to be generated. The client and the server use the same certificate.
1. The main parameter settings in the conf/ssl.conf configuration file are as follows:
Listen 443
SSLPassPhraseDialog builtin
#SSLPassPhraseDialog exec:/path/to/program
SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache2/logs/ssl_mutex
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/usr/local/apache2/htdocs"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog /usr/local/apache2/logs/error_log
TransferLog /usr/local/apache2/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
CustomLog /usr/local/apache2/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
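The cipher string above keeps export-grade, LOW, RC4 and SSLv2 suites enabled, because in an OpenSSL cipher list a `+` prefix only moves suites to the end and `ALL` is trimmed only by the two `!` entries. The fragment below is an added example, not part of the original page, showing the same virtual host restricted to current protocols and ciphers. It assumes Apache httpd 2.4.37 or later with OpenSSL 1.1.1 or later and reuses the page's paths.

```apache
# Added example: hardened counterparts of the SSL directives shown above.
# Assumption: Apache httpd 2.4.37+ built against OpenSSL 1.1.1+.
<VirtualHost _default_:443>
    ServerName www.example.com:443
    SSLEngine on

    # Turn every protocol version off, then enable only TLS 1.2 and TLS 1.3.
    # This drops SSLv2, SSLv3, TLS 1.0 and TLS 1.1.
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # Start from the HIGH class instead of ALL and delete weak classes with "!".
    # "!" removes a class permanently; "+CLASS" would only reorder it, which is
    # why +LOW, +SSLv2 and +EXP in the original string exclude nothing.
    # This directive governs TLS 1.2 and below; TLS 1.3 suites keep the
    # OpenSSL defaults here.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES

    # Prefer the server's cipher order over the client's.
    SSLHonorCipherOrder on

    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
</VirtualHost>
```

`openssl ciphers -v 'HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES'` lists the suites the string expands to on the local OpenSSL build, and `apachectl configtest` checks the syntax before a restart.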
2. Create and use a self-signed certificate
a. Create an RSA private key for your Apache server
/usr/local/openssl/bin/openssl genrsa -des3 -out /usr/local/apache2/conf/ssl.key/server.key 1024
b. Create a Certificate Signing Request (CSR)
/usr/local/openssl/bin/openssl req -new -key /usr/local/apache2/conf/ssl.key/server.key -out /usr/local/apache2/conf/ssl.key/server.csr
c. Create a self-signed CA certificate (X509 structure) with the RSA key of the CA
/usr/local/openssl/bin/openssl req -x509 -days 365 -key /usr/local/apache2/conf/ssl.key/server.key -in /usr/local/apache2/conf/ssl.key/server.csr -out /usr/local/apache2/conf/ssl.crt/server.crt
The same three steps in short form, with files in the current directory and no passphrase on the key:
/usr/local/openssl/bin/openssl genrsa -out server.key 1024
/usr/local/openssl/bin/openssl req -new -key server.key -out server.csr
/usr/local/openssl/bin/openssl req -x509 -days 365 -key server.key -in server.csr -out server.crt
3. Create your own CA (certificate authority) and use this CA to sign the server certificate
mkdir /CA
cd /CA
cp openssl-0.9.7g/apps/CA.sh /CA
./CA.sh -newca
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.csr newreq.pem
./CA.sh -sign
cp newcert.pem /usr/local/apache2/conf/ssl.crt/server.crt
cp server.key /usr/local/apache2/conf/ssl.key/