By high-profile [Google: Debian apache2-SSL] Pointing: After trying, it was completed at last night. please correct me.
Apache2 + SSL configuration method in Debian
By high-profile [Google: Debian apache2-SSL] Pointing: After trying, it was completed at last night. please correct me.
Apach2 +SSLStep by step
-------------------------------------------------
Daizhong@gmail.com
20041114
------------------------------------------------
1 apt-Get install apache2-mpm-worker
2 CD/etc/apache2/mod-Enabled
Ln-S/etc/apache2/mod-available/SSL.*.
3 CD/etc/apache2/sites-available
CP defaultSSL
CD/etc/apache2/sites-Enabled
Ln-S/etc/apache2/sites-available/SSL.
Then, modifySSLBy the/usr/share/apache2/config/default-443,
Paste the follow lines into/etc/apache2/sites-available/SSL:
Sslengine on
Sslcertificatefile/etc/apache2/SSL/Apache. pem
# Xxx.xxx.com-SSL. CRT
Sslcertificatekeyfile/etc/apache2/SSL/Apache. pem
# Xxx.xxx.com-SSL. Key
Browsermatch "MSIE [1-4]" nokeepaliveSSL-Unclean-Shutdown
Downgrade-1.0 force-response-1.0
Browsermatch "MSIE [5-9]"SSL-Unclean-Shutdown
Sslciphersuite all :! ADH :! Export56: RC4 + RSA: + high: + medium: + low: + SSLv2: + exp
-- If you have several vhosts, you can use seperate SA file
Xxx.xxx.com-SSL. Key, etc
4 modify the 2 files:
/Etc/apache2/ports. conf -- APPEND "Listen 443"
/Etc/apache2/sites-enabled/SSL-- The top 2 lines change:
Namevirtualhost*: 443
<Virtualhost *: 443>
5 run apache2-SSL-Certification, create the SA file:
/Etc/apache2/SSL/Apache. pem
6/etc/init. d/apache2 restart
The following is a simple process for configuring SSL. Some understandings may be incorrect. If you know, please correct me.
1. APT-Get install apache2.
2. CD/etc/apache2/mod-enabled has been included in apache2.conf. What modules do you want to add,
You only need to add the corresponding module (*. Load) and simple configuration of the module (*. conf) in the mod-availablede ).
3. ln-S/etc/apache2/mod-available/SSL. *. Create an SSL module and simple configuration information.
4. Create information for HTTPS access in sites-available. To facilitate creation, we can CP defaultSSL. Then modifySSL,
ModifySSLPort
Namevirtualhost*: 443
<Virtualhost *: 443>
Then add the SSL authentication information, which should be the simplest configuration. For details, I have not carefully understood it.
Sslcertificatefile/etc/apache2/SSL/Apache. pem
# Xxx.xxx.com-SSL. CRT
Sslcertificatekeyfile/etc/apache2/SSL/Apache. pem
# Xxx.xxx.com-SSL. Key
Browsermatch "MSIE [1-4]" nokeepaliveSSL-Unclean-Shutdown
# Downgrade-1.0 force-response-1.0 // these commands cannot be run, so I logged out.
# Browsermatch "MSIE [5-9]"SSL-Unclean-Shutdown
# Sslciphersuite all :! ADH :! Export56: RC4 + RSA: + high: + medium: + low: + SSLv2: + exp
# -- If you have several vhosts, you can use seperate SA file
# Xxx.xxx.com-SSL. Key, etc
For specific configuration information, see/usr/share/apache2/config/default-443. I have not understood the specific parameter information. Please let me know.
5. Generate the authentication file. In the preceding configuration file, confirm that the authentication file is in/etc/apache2/SSL/Apache. Pem, so let's goSSLRun apache2-SSL-
Cdrtification. Generate Authentication Files Based on the prompts.
6. open port 443 and add listen 443 in port. conf.
7. Restart apache2ctl restart.