Configuration record of Apache + OpenSSL on Linux
I recently studied the apache-ssl configuration in Linux. I am very careful about writing this configuration. I am sorry to ask new users to send a blog.
Software Environment
Apache Httpd 2.2.29 (http://httpd.apache.org)
OpenSSL 1.0.1h (http://www.openssl.org/source)
SSL-Tools (http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz)
1. OpenSSL
# tar zxvf openssl-1.0.1h.tar.gz
# cd openssl-1.0.1h
# ./config
# make
# make install
This installs the new OpenSSL into the /usr/local/ssl directory. Leave the OpenSSL version that already exists on the system alone and do not uninstall it; otherwise many applications may fail to run normally, for example the X Window System may become inaccessible.
2. Apache Httpd
# tar zxvf httpd-2.2.29.tar.gz
# cd httpd-2.2.29
# ./configure --prefix=/usr/local/apache/httpd --enable-ssl=static --with-ssl=/usr/local/ssl
# make
# make install
This step installs the httpd service in the /usr/local/apache/httpd directory (specified by the --prefix parameter). The --with-ssl parameter points to the OpenSSL installation from step 1, and --enable-ssl=static compiles mod_ssl statically into the httpd service.
3. Create a certificate
We must manually generate the certificate used by SSL. For anyone who is not familiar with certificates, a tool is available: http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz. The following describes how to generate a certificate using this tool:
# cp ssl.ca-0.1.tar.gz /usr/local/apache/httpd/conf
# cd /usr/local/apache/httpd/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
# ./new-root-ca.sh (generate the root certificate)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...
... ++
E is 65537 (0x10001)
Enter pass phrase for ca.key: 12345 (Enter a password)
Verifying - Enter pass phrase for ca.key: 12345 (Enter the password again)
......
Self-sign the root CA... (sign the root certificate)
Enter pass phrase for ca.key: 12345 (Enter the password you just set)
........
...... (Signing starts below)
Country Name (2 letter code) [MY]: CN
State or Province Name (full name) [Perak]: SD // whatever you like
Locality Name (eg, city) [Sitiawan]: QD // whatever you like
Organization Name (eg, company) [My Directory Sdn Bhd]: GX // whatever you like
Organizational Unit Name (eg, section) [Certification Services Division]: GX // whatever you like
Common Name (eg, MD Root CA) []: gaoxin.com // whatever you like
Email Address []: 12345@163.com // whatever you like
This generates the ca.key and ca.crt files. Next, generate a certificate for our server:
# ./new-server-cert.sh server (the certificate name is server)
......
......
Country Name (2 letter code) [MY]: CN
State or Province Name (full name) [Perak]: SD
Locality Name (eg, city) [Sitiawan]: QD
Organization Name (eg, company) [My Directory Sdn Bhd]: GX
Organizational Unit Name (eg, section) [Secure Web Server]: GX
Common Name (eg, www.domain.com) []: gaoxiaoit.com (must be different from the preceding one; otherwise, an error is returned)
Email Address []: 123456@163.com
This generates the two files server.csr and server.key.
The request must be signed by the CA before the certificate can be used:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key: 12345 (Enter the root certificate password set above)
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'cn'
stateOrProvinceName   :PRINTABLE:'gansu'
localityName          :PRINTABLE:'lanzhou'
organizationName      :PRINTABLE:'lzu'
organizationalUnitName:PRINTABLE:'lzu'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:'sunyanmeng@gmail.com'
Certificate is to be certified until Jan 19 21:59:46 2011 GMT (365 days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
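The same three steps (root CA, server request, CA signing) run with the openssl command directly, followed by the checks worth making before Apache is pointed at the files. This is an added example, not part of the original post or of the ssl.ca scripts; it uses 2048-bit keys rather than the 1024-bit key shown in the output above, and the function names, directory argument and CA_PASS variable are assumptions.

```sh
#!/bin/sh
# Added example (not from the post or the ssl.ca scripts). Subjects and the
# directory layout are sample values; the CA passphrase is read from $CA_PASS
# so that it never appears on a command line.

make_demo_pki() (            # body runs in a subshell: cd/umask stay local
    mkdir -p "$1" && cd "$1" || exit 1
    umask 077                # private keys readable by the owner only
    # 1. Root CA: encrypted 2048-bit key plus self-signed certificate.
    openssl genrsa -aes256 -passout env:CA_PASS -out ca.key 2048 2>/dev/null &&
    openssl req -new -x509 -sha256 -days 3650 -key ca.key -passin env:CA_PASS \
        -subj "/C=CN/ST=SD/L=QD/O=GX/CN=gaoxin.com" -out ca.crt &&
    # 2. Server key and certificate signing request.
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -sha256 -key server.key \
        -subj "/C=CN/ST=SD/L=QD/O=GX/CN=gaoxiaoit.com" -out server.csr &&
    # 3. The CA signs the request, valid for 365 days.
    openssl x509 -req -sha256 -days 365 -in server.csr -CA ca.crt \
        -CAkey ca.key -passin env:CA_PASS -CAcreateserial \
        -out server.crt 2>/dev/null
)

# Succeeds only if server.crt chains to ca.crt.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Succeeds only if server.key is the private key belonging to server.crt.
key_matches_cert() {
    k=$(openssl rsa  -in "$1/server.key" -noout -modulus 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$1/server.crt" -noout -modulus 2>/dev/null | openssl sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the server key size in bits, to catch 1024-bit keys before deployment.
key_bits() {
    openssl rsa -in "$1/server.key" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p'
}

# Usage: export CA_PASS, then
#   make_demo_pki ./demo-ca && verify_chain ./demo-ca && key_matches_cert ./demo-ca
```

A key that does not match its certificate makes mod_ssl refuse to start, so running key_matches_cert after moving the files catches a mix-up early.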
Configure conf/extra/httpd-ssl.conf
In httpd.conf, find the line #Include conf/extra/httpd-ssl.conf and remove the comment marker.
Follow the settings in httpd-ssl.conf and place the certificate and key where it expects them.
# cd ..
# mkdir ssl.key
# mv ssl.ca-0.1/server.key ssl.key
# mkdir ssl.crt
# mv ssl.ca-0.1/server.crt ssl.crt
Then you can start it!
# cd /usr/local/apache/httpd
Note that startssl is no longer supported in Apache 2.2 and later, so you only need start.
# ./bin/apachectl start
4. Test the HTTP service
Open this address in the browser: https://127.0.0.1 !!