Linux under Apache+openssl configuration record

Source: Internet
Author: User

Recently in the study of Linux under the Apache-ssl configuration, write some personal tips, new hair bo, please forgive me.

Software Environment

Apache Httpd 2.2.29 (
OpenSSL 1.0.1h (Http://
Ssl-tools (

1. OpenSSL

#tar ZXVF openssl-1.0.1h.tar.gz
#cd openssl-1.0.1h
#make Install

This will install the latest OpenSSL into the/usr/local/ssl directory, regardless of the existing version of OpenSSL in the system, and do not uninstall it, otherwise it will cause a lot of applications can not be performed properly, such as the X window can not enter the error.

2. Apache Httpd

#tar ZXVF httpd-2.2.29.tar.gz

#cd httpd-2.2.29
#make Install

This step installs the HTTPD service (specified through the parameter--prefix) in the/APACHE/HTTPD directory and uses--with-ssl to specify the path to the OpenSSL that you just installed to compile mod_ssl static into the httpd service.

3. Production Certificate

We have to manually generate SSL for the certificate, for those unfamiliar with the certificate, there is a tool that can be used: Here's how to generate a certificate using this tool:

#tar ZXVF
#./ (Generate root certificate)
No Root CA key round. Generating One
Generating RSA private key, 1024x768 bit long modulus
E is 65537 (0x10001)
Enter pass phrase for ca.key:12345 (enter a password)
Verifying-enter Pass phrase for ca.key:12345 (re-enter password once)
Self-sign the root CA ... (Sign root certificate)
Enter pass phrase for ca.key:12345 (enter the password you just set)
........ (Start signing below)
Country Name (2 letter code) [MY]:CN
State or province name (full name) [PERAK]:SD//whatever you like
Locality Name (eg, city) [SITIAWAN]:QD//whatever you like
Organization Name (eg, company) [My Directory Sdn BHD]:GX//whatever you like
Organizational Unit Name (eg, section) [Certification Services DIVISION]:GX//whatever you like
Common Name (eg, MD Root CA) [] you like
Email Address []:[email protected]//as You like
This generates two files for Ca.key and CA.CRT, as well as a certificate for our server:
#./ server (the name of this certificate is server)
Country Name (2 letter code) [MY]:CN
State or province name (full name) [PERAK]:SD
Locality Name (eg, city) [Sitiawan]: QD
Organization Name (eg, company) [My Directory Sdn BHD]:GX
Organizational Unit Name (eg, section) [Secure Web SERVER]:GX
Common Name (eg, [] (must be different from above, otherwise error)
Email Address []
This generates the two files of SERVER.CSR and Server.key.
You also need to sign up to use:
#./ Server
Using Configuration from Ca.config
Enter pass phrase for./ca.key:12345 (Enter the root certificate password set above)
Check that the request matches the signature
Signature OK
The Subject ' s distinguished Name is as follows
Countryname:printable: ' CN '
Stateorprovincename:printable: ' Gansu '
Localityname:printable: ' Lanzhou '
Organizationname:printable: ' Lzu '
Organizationalunitname:printable: ' Lzu '
commonname:printable: ' localhost '
emailaddress:ia5string: ' [email protected] '
Certificate is to be certified until Jan 21:59:46 GMT (365 days)
Sign the certificate? [Y/n]:y
1 out of 1 certificate requests certified, commit? [Y/n]y
Write out database with 1 new entries
Data Base Updated

Configure conf/extr/httpd-ssl.conf

Find # include CONF/EXTRA/HTTPD-SSL.CONFM Remove comments
Follow the settings in httpd-ssl.conf to place the certificate in the appropriate location.

# CD:
# mkdir Ssl.key
# MV Ssl.key
# mkdir SSL.CRT
Then you can start it!
# Cd/usr/local/apache
Note that STARTSSL is not supported after apache2.2, so use start only
#./bin/apachectl Start

4. Testing the HTTP Service

Open address with browser: finished!!

Linux under Apache+openssl configuration record

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.