1. Check that the mod_ssl module is installed.
My machine is centos and the system. Run the following command:
Yum install-y mod_ssl
2. Use openssl tools to Generate Keys, certificate request files, and certificates
Run the following command in the/usr/local/httpd directory.
2.1 generate a key
Openssl genrsa 1024> server. key
Note: The 128-bit rsa algorithm is used to generate the key and obtain the server. key File.
2.2 generate a certificate request file
Openssl req-new-out server. csr
Note: This is to use the key in step 1 to generate the certificate request file server. csr. Many questions are raised in this step.
2.3 generate a certificate
Command: openssl req-x509-days 365-key server. key-in server. csr> server. crt
Note: This is to generate the Certificate server. crt using the key and certificate request in step 1 and 2. The-days parameter specifies the certificate validity period, in days
3. Configure apache
Modify httpd. conf
LoadModule ssl_module/usr/lib64/httpd/modules/mod_ssl.so
Listen 443.
Namevirtualhost*: 443
<VirtualHost *: 443>
# General setup for the virtual host
DocumentRoot "/usr/local/httpd/htdocs/ssl"
ServerName ssl.baishiz.com: 443
ServerAdmin you@example.com
ErrorLog "/usr/local/httpd/logs/error_log"
TransferLog "/usr/local/httpd/logs/access_log"
SSLEngine on
SSLProtocol all-SSLv2
SSLCipherSuite HIGH: MEDIUM :! ANULL :! MD5
SSLCertificateFile "/usr/local/httpd/server. crt"
SSLCertificateKeyFile "/usr/local/httpd/server. key"
<FilesMatch "\. (cgi | shtml | phtml | php) $">
SSLOptions + StdEnvVars
</FilesMatch>
<Directory "/usr/local/httpd/cgi-bin">
SSLOptions + StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
Nokeepalive ssl-unclean-shutdown \
Downgrade-1.0 force-response-1.0
CustomLog "/usr/local/httpd/logs/ssl_request_log "\
"% T % h % {SSL_PROTOCOL} x % {SSL_CIPHER} x \" % r \ "% B"
</VirtualHost>