Debian: Load ssl for apache-Debian information for the Linux release. See the following for details. Apache1.3.28 + php4 + mysql have been created in Debian, And now ssl is added
Openssl is required. No, debian should be apt.
1. apt-get install libapache-mod-ssl (as prompted by carlos, I searched in debian.org and ssl was not found). lib will be installed in/usr/lib/apache/1.3 /.
2. modules-config apache enable mod_ssl (Note: If php does not work later, add mod_php4)
3. Modify httpd. conf
Add Port 80
Listen 80
Listen 443.
Add a Virtual Machine (not necessarily unavailable. You can also add the following ssl configurations to the global configuration. However, each page jumps out of authentication for a few reasons, so it is easy to add a virtual machine, this is the case on the Internet)
A permanent unix http://www.fanqiang.com/a6/b8/20010722/1305001004.html
The following operations are performed in/etc/apache/. Where should I store the certificate? I have no experience.
Create a CA certificate first,
First, create an RSA private key for the CA,
S-1
Openssl genrsa-des3-out ca. key 1024
The system prompts you to enter PEM pass phrase, that is, the password. Remember to enter it.
Generate the ca. key File, change the file attribute to 400, and place it in a safe place.
S-2
Chmod 400 ca. key
You can use the following command to view its content,
S-3
Openssl rsa-noout-text-in ca. key
Use the RSA key of the CA to create a self-Signed CA certificate (X.509 structure)
S-4
Openssl req-new-x509-days 3650-key ca. key-out ca. crt
Enter the following information:
Country Name: Country Code of two letters in cn
State or Province Name: Name of An Hui Province
Locality Name: Bengbu city Name
Organization Name: Name of Family Network
Organizational Unit Name: Home Department Name
Common Name: Chen Yang your Name
Email Address: sunstorm@263.net Email Address
Generate the ca. crt file, change the file attribute to 400, and place it in a safe place.
S-5
Chmod 400 ca. crt
You can use the following command to view its content,
S-6
Openssl x509-noout-text-in ca. crt
To create a Server Certificate Signing Request,
First, create an RSA private key for your Apache:
S-7
Openssl genrsa-des3-out server. key 1024
Set pass phrase here.
Generate the server. key File, change the file attribute to 400, and place it in a safe place.
S-8
Chmod 400 server. key
You can use the following command to view its content,
S-9
Openssl rsa-noout-text-in server. key
Use server. key to generate the CSR for signing the certificate.
S-10
Openssl req-new-key server. key-out server. csr
Enter some information here, similar to the content in [S-4.
For 'extra 'attributes, no input is required.
You can view the CSR details
S-11
Openssl req-noout-text-in server. csr
You can sign the certificate below. You need to use the script sign. sh ----> in/usr/share/doc/libapache-mod-ssl/example/, I directly cp to/etc/apache /.
S-12
Sign. sh server. csr
You can get the server. crt.
Change the file attribute to 400 and place it in a safe place.
S-13
Chmod 400 server. crt
Delete CSR
S-14
Rm server. csr
Okay, apachectl restart. It is best to configure ssl globally after load modules. If apache cannot start, no error is reported.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
