one, installation preparation
1. Installing OpenSSL To enable Apache to support SSL, you need to install OpenSSL support first. Recommended download installation openssl-0.9.8k.tar.gz download OPENSSL:HTTP://WWW.OPENSSL.ORG/SOURCE/TAR-ZXF openssl-0.9.8k.tar.gz //Unzip the installation package CD openssl-0.9.8k //into the unpacked installation package ./config & nbsp; //configuration installation. It is recommended to use the default configuration make && do install //compilation and installation OpenSSL will be installed to/usr/by default Local/ssl
2. Install apache ./configure--prefix=/usr/local/apache--enable-so--enable-ssl--with-ssl=/usr /local/ssl--enable-mods-shared=all //configuration installation. Recommended dynamic compilation module make && make install
The Apache module is dynamically compiled for easy loading and management of modules. Apache will be installed to/usr/local/apache 3. Apply for the certificate I this to Wosign certificate, for example, after the successful application of Wosign certificate, will get a password of the compressed package file, enter the certificate password after extracting five files: Forapache, Foriis, Forngnix, Fortomcat, Forother Server, this is the certificate of several formats, Apache need to use the Forapache format of the certificate. 4. Install the SSL certificateA. Open the httpd.conf file in the Conf directory under the Apache installation directory to find #LoadModule ssl_module modules/mod_ssl.so #Include conf/extra/httpd_ssl.conf Delete the configuration statement comment symbol "#" at the beginning of the line Save exit. B. Open the httpd-ssl.conf file in the Conf/extra directory in the Apache installation directory Locate the following configuration statement in the configuration file to configure the server certificate public key under this path Sslcertificatefile conf/ssl.crt/ DOMIAN.COM.CRT (certificate public key) configures the server certificate private key under this path Sslcertificatekeyfile Conf/ssl.key/domain.com.key (certificate private key) configures the server certificate chain under this path #SS Lcertificatechainfile CONF/SSL.CRT/ROOT_BUNDLE.CRT (certificate chain) Delete the "#" comment at the beginning of the line to save the exit and restart Apache. Restart mode: C, into the Apache installation directory of the bin directory, run the following command./apachectl-k stop./apachectl-k start5. Test installation Results Access https://+ certificate-bound domain name, the test effect is as follows: Deploy finished After completion if the website can not be normal access through HTTPS, you can confirm that the server 443 port is open or blocked by the website defender and other accelerator tools. (1) Open method: Firewall Settings-Exception port-add 443 port (TCP). (2) If blocked by the Security or acceleration tool, you can add 443 to the trust list in the interception record. After rebooting, re-access via HTTPS.
Apache deployment SSL Certificate under Linux