Load ssl for apache In Debian

Source: Internet
Author: User
Tags openssl rsa openssl x509
Debian: Load ssl for apache-Debian information for the Linux release. See the following for details. Apache1.3.28 + php4 + mysql have been created in Debian, And now ssl is added

Openssl is required. No, debian should be apt.

1. apt-get install libapache-mod-ssl (as prompted by carlos, I searched in debian.org and ssl was not found). lib will be installed in/usr/lib/apache/1.3 /.

2. modules-config apache enable mod_ssl (Note: If php does not work later, add mod_php4)

3. Modify httpd. conf

Add Port 80

Listen 80

Listen 443.

Add a Virtual Machine (not necessarily unavailable. You can also add the following ssl configurations to the global configuration. However, each page jumps out of authentication for a few reasons, so it is easy to add a virtual machine, this is the case on the Internet)



ServerName your. server. name

DocumentRoot/var/www

SSLCertificateKeyFile server. key (generated below)

SSLCertificateFile server. crt (same as above)



4. Generate a certificate

A permanent unix http://www.fanqiang.com/a6/b8/20010722/1305001004.html

The following operations are performed in/etc/apache/. Where should I store the certificate? I have no experience.

Create a CA certificate first,

First, create an RSA private key for the CA,

S-1

Openssl genrsa-des3-out ca. key 1024

The system prompts you to enter PEM pass phrase, that is, the password. Remember to enter it.

Generate the ca. key File, change the file attribute to 400, and place it in a safe place.

S-2

Chmod 400 ca. key

You can use the following command to view its content,

S-3

Openssl rsa-noout-text-in ca. key

Use the RSA key of the CA to create a self-Signed CA certificate (X.509 structure)

S-4

Openssl req-new-x509-days 3650-key ca. key-out ca. crt

Enter the following information:

Country Name: Country Code of two letters in cn

State or Province Name: Name of An Hui Province

Locality Name: Bengbu city Name

Organization Name: Name of Family Network

Organizational Unit Name: Home Department Name

Common Name: Chen Yang your Name

Email Address: sunstorm@263.net Email Address

Generate the ca. crt file, change the file attribute to 400, and place it in a safe place.

S-5

Chmod 400 ca. crt

You can use the following command to view its content,

S-6

Openssl x509-noout-text-in ca. crt

To create a Server Certificate Signing Request,

First, create an RSA private key for your Apache:

S-7

Openssl genrsa-des3-out server. key 1024

Set pass phrase here.

Generate the server. key File, change the file attribute to 400, and place it in a safe place.

S-8

Chmod 400 server. key

You can use the following command to view its content,

S-9

Openssl rsa-noout-text-in server. key

Use server. key to generate the CSR for signing the certificate.

S-10

Openssl req-new-key server. key-out server. csr

Enter some information here, similar to the content in [S-4.

For 'extra 'attributes, no input is required.

You can view the CSR details

S-11

Openssl req-noout-text-in server. csr

You can sign the certificate below. You need to use the script sign. sh ----> in/usr/share/doc/libapache-mod-ssl/example/, I directly cp to/etc/apache /.

S-12

Sign. sh server. csr

You can get the server. crt.

Change the file attribute to 400 and place it in a safe place.

S-13

Chmod 400 server. crt

Delete CSR

S-14

Rm server. csr

Okay, apachectl restart. It is best to configure ssl globally after load modules. If apache cannot start, no error is reported.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.