Apache's HTTPS
Installing OpenSSL
___________________________________________________________
http://www.openssl.org/source/    # download OpenSSL

    # tar xf openssl-1.0.1s.tar.gz
    # cd openssl-1.0.1s
    # ./config
    # make && make install

------------------------------------ Source installation method

    # wget http://mirrors.cnnic.cn/apache/httpd/httpd-2.2.31.tar.gz
    # tar xvf httpd-2.2.31.tar.gz
    # cd httpd-2.2.31
    # ./configure --prefix=/usr/local/apache2 --with-included-apr --enable-so \
          --enable-deflate=shared --enable-expires=shared --enable-rewrite=shared \
          --with-pcre --enable-ssl=shared --with-ssl=/usr/local/ssl

Dynamic (shared) mode is chosen here; for a static build use --enable-ssl=static --with-ssl=/usr/local/ssl.

------------------------------------ Adding mod_ssl as an extension module

Be sure to enter the httpd source directory first:

    # cd /usr/local/src/httpd-2.2.31/modules/ssl
    # /usr/local/apache2/bin/apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/lib/openssl/engines/lib -lcrypto -lssl -ldl *.c
Error 1: error "Unrecognized SSL Toolkit!", declaration for parameter 'XXXXXX' but no such parameter
Fix: add -D HAVE_OPENSSL=1 to the apxs command.
Error 2: undefined symbol: ssl_cmd_SSLMutex
Fix: apxs compiled and installed the module successfully, but Apache failed to start. After this error occurred, I changed mod_ssl.c to *.c when running apxs. Unlike mod_deflate, mod_ssl consists of multiple source files, and all of them must be compiled.
Error 3: undefined symbol: X509_INFO_free
Fix: add the -lcrypto -lssl -ldl parameters. The error is a result of the OpenSSL library being linked statically (the default).
Create a private key
___________________________________________________________
    # cd /usr/local/ssl/bin/
    # openssl genrsa -out server.key 2048
    # cp server.key /usr/local/apache2/conf/ssl.key
Generate a certificate request (CSR) file
___________________________________________________________
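    # openssl req -new -key server.key -out certreq.csr
    Country Name (2 letter code) [XX]:cn
    State or Province Name (full name) []:zj
    Locality Name (eg, city) [Default City]:zs
    Organization Name (eg, company) [Default Company Ltd]:d x
    Organizational Unit Name (eg, section) []:zwy
    Common Name (eg, your name or your server's hostname) []:zwy
    Email Address []:
    Please enter the following 'extra' attributes

What each prompt expects:

Country Name: the ISO standard code of the country; CN for China.
State or Province Name: the province or municipality where the organization is located.
Locality Name: the city, county or district where the organization is located.
Organization Name: the legal name of the organization, agency or company.
Organizational Unit Name: the department name.
Common Name: this must exactly match the domain name used to access the server that provides the SSL service.
Email Address: the e-mail address; do not enter anything, just press Enter to skip.
'extra' attributes: the remaining information need not be entered; press Enter to skip each prompt until the command completes.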
Back up the private key and submit a certificate request
___________________________________________________________
Submit the certificate request file certreq.csr to the CA service provider (such as Tianwei Integrity), back up the certificate private key file server.key, and wait for the certificate to be issued. The server certificate and the private key must be a matching pair; if the private key file is lost, the certificate cannot be used.
Obtain the intermediate CA certificates for the server certificate
___________________________________________________________
To ensure the server certificate is compatible with clients, two intermediate CA certificates must be installed alongside it (certificates from other brands may have only one intermediate certificate).
To obtain the intermediate CA certificates from the certificate issuance e-mail:
Paste the contents of the two intermediate CA certificates from the e-mail, each from "-----BEGIN CERTIFICATE-----" through "-----END CERTIFICATE-----" inclusive, into a text editor such as Notepad, separated by a line break. Change the file name extension and save the file as conf/ssl.crt/intermediatebundle.crt (if you have only one intermediate certificate, you only need to save and install that one).
Obtaining an EV server certificate
___________________________________________________________
Paste the contents of the server certificate from the certificate issuance e-mail, from "-----BEGIN CERTIFICATE-----" through "-----END CERTIFICATE-----" inclusive, into a text editor such as Notepad, and save it as the file ssl.crt/server.crt.
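The guide requires that the issued certificate and the backed-up private key form a matching pair. The script below is an added example, not part of the original article, that checks this before Apache is configured: it compares the public key in server.key, certreq.csr and server.crt, confirms the key file is not readable by group or other, and counts the certificates in the intermediate bundle. The function names (pub_pem, same_key, key_is_private, bundle_count, check_deploy) are hypothetical helpers; the file names are the ones used in this guide.

```shell
#!/bin/sh
# Added example: checks on the files this guide produces before Apache uses them.

# Print the PEM public key held in a private key, CSR, or certificate.
pub_pem() {  # usage: pub_pem key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files parse and carry the same public key.
same_key() {  # usage: same_key TYPE1 FILE1 TYPE2 FILE2
    a=$(pub_pem "$1" "$2") || return 1
    b=$(pub_pem "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the key file grants nothing to group or other.
key_is_private() {
    perms=$(ls -lnL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Count the PEM certificates in the intermediate bundle.
bundle_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Run every check; returns non-zero if any of them fails.
check_deploy() {  # usage: check_deploy KEY CSR CRT BUNDLE
    rc=0
    key_is_private "$1"        || { echo "FAIL: $1 is accessible to group/other"; rc=1; }
    same_key key "$1" csr "$2" || { echo "FAIL: $2 was not generated from $1"; rc=1; }
    same_key key "$1" crt "$3" || { echo "FAIL: $3 does not match $1"; rc=1; }
    n=$(bundle_count "$4")
    [ "${n:-0}" -ge 1 ]        || { echo "FAIL: no certificate found in $4"; rc=1; }
    return "$rc"
}

# When called with four file arguments, run the checks on them.
if [ "$#" -eq 4 ]; then
    check_deploy "$@"
fi
```

Run it as `sh check.sh server.key certreq.csr server.crt intermediatebundle.crt` (check.sh is an assumed script name); a non-zero exit status means at least one check failed.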
Apache Configuration
___________________________________________________________
    # vim /usr/local/apache2/conf/httpd.conf

    Listen 443

    # vim /usr/local/apache2/conf/extra/httpd-vhosts.conf

    NameVirtualHost *:443
    <VirtualHost *:443>
        DocumentRoot "/data/web/www"
        ServerName aaa.com:443
        ErrorLog "logs/error.log"
        CustomLog "logs/access.log" combined
        <IfModule mod_ssl.c>
            SSLEngine on
            SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
            SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
            SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/intermediatebundle.crt
        </IfModule>
    </VirtualHost>
Error: curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Solution: put the port-443 VirtualHost before the port-80 VirtualHost; the port-80 part uses NameVirtualHost *, and the port-443 part uses NameVirtualHost *:443.
This article is from the "Fuqin Wine" blog, please make sure to keep this source http://szk5043.blog.51cto.com/8456440/1761069