one, Apache installation SSL certificate requires three configuration files
Warm tip: Before installing the certificate, please back up the server configuration file you need to modify
1_ROOT_BUNDLE.CRT, 2_DOMAINNAME.COM.CRT, 3_ Domainname.com.key.
Note: These three files are in folder for Apache.zip, where domainname.com is your domain name, 2_ DOMAINNAME.COM.CRT is the public key, and 3_ Domainname.com.key is the private key. (File suffix CRT and CER are of the same nature)
Second, installation certificate
1. Modify the httpd.conf file under Apache.
(1) Open the httpd.conf file in the Conf directory under the Apache installation directory to find
#LoadModule ssl_module modules/mod_ssl.so #Include conf/extra/httpd-ssl.conf
(2) Delete the configuration statement comment symbol "#" at the beginning of the line and save the exit.
2. Modify the Apache Httpd-ssl file.
(1) Open the httpd-ssl.conf file in the Conf/extra directory under the Apache installation directory and look for the following configuration statement in the configuration file:
a). Sslcertificatefile/usr/local/apache/ssl/public.cer (Configure the server certificate public key (2_DOMAINNAME.COM.CRT) to this path, and replace PUBLIC.CRT); b). Sslcertificatekeyfile/usr/local/apache/ssl/private.key (Configure the server Certificate private key (3_domainname.com.key) to this path, replacing Private.key); c). #SSLCertificateChainFile/usr/local/apache/ssl/ca.cer (Remove the "#" comment from the beginning of the line and configure the intermediate CA certificate (1_ROOT_BUNDLE.CRT) to the path). D) Add the following code to any location, specifying the SSL encryption protocol Sslprotocol All-sslv2-sslv3sslciphersuite aesgcm:all:! Dh:! export:! rc4:+high:! medium:! Low:!anull:!enull
(2) Save exit and restart Apache. Restart mode:
Go to the Bin directory under the Apache installation directory and run the following command
./apachectl-k stop./apachectl-k start
Access your site over HTTPS to test the installation configuration of the site certificate.
Replacing the new certificate can replace the old certificate directly with the new certificate, and if it does not take effect, restart the related service.
Restart Apache services under CentOS: Service httpd restart
Restart Apache service under Ubuntu:/etc/init.d/apache2 restart
This article is from the "Cvsblog" blog, make sure to keep this source http://cuis1.blog.51cto.com/8805022/1965122
Installing an SSL certificate under Linux+apache