Load ssl for apache In Debian

Debian: Load ssl for apache-Debian information for the Linux release. See the following for details. Apache1.3.28 + php4 + mysql have been created in Debian, And now ssl is added

Openssl is required. No, debian should be apt.

1. apt-get install libapache-mod-ssl (as prompted by carlos, I searched in debian.org and ssl was not found). lib will be installed in/usr/lib/apache/1.3 /.

2. modules-config apache enable mod_ssl (Note: If php does not work later, add mod_php4)

3. Modify httpd. conf

Add Port 80

Listen 80

Listen 443.

Add a Virtual Machine (not necessarily unavailable. You can also add the following ssl configurations to the global configuration. However, each page jumps out of authentication for a few reasons, so it is easy to add a virtual machine, this is the case on the Internet)



ServerName your. server. name

DocumentRoot/var/www

SSLCertificateKeyFile server. key (generated below)

SSLCertificateFile server. crt (same as above)



4. Generate a certificate

A permanent unix http://www.fanqiang.com/a6/b8/20010722/1305001004.html

The following operations are performed in/etc/apache/. Where should I store the certificate? I have no experience.

Create a CA certificate first,

First, create an RSA private key for the CA,

S-1

Openssl genrsa-des3-out ca. key 1024

The system prompts you to enter PEM pass phrase, that is, the password. Remember to enter it.

Generate the ca. key File, change the file attribute to 400, and place it in a safe place.

S-2

Chmod 400 ca. key

You can use the following command to view its content,

S-3

Openssl rsa-noout-text-in ca. key

Use the RSA key of the CA to create a self-Signed CA certificate (X.509 structure)

S-4

Openssl req-new-x509-days 3650-key ca. key-out ca. crt

Enter the following information:

Country Name: Country Code of two letters in cn

State or Province Name: Name of An Hui Province

Locality Name: Bengbu city Name

Organization Name: Name of Family Network

Organizational Unit Name: Home Department Name

Common Name: Chen Yang your Name

Email Address: sunstorm@263.net Email Address

Generate the ca. crt file, change the file attribute to 400, and place it in a safe place.

S-5

Chmod 400 ca. crt

You can use the following command to view its content,

S-6

Openssl x509-noout-text-in ca. crt

To create a Server Certificate Signing Request,

First, create an RSA private key for your Apache:

S-7

Openssl genrsa-des3-out server. key 1024

Set pass phrase here.

Generate the server. key File, change the file attribute to 400, and place it in a safe place.

S-8

Chmod 400 server. key

You can use the following command to view its content,

S-9

Openssl rsa-noout-text-in server. key

Use server. key to generate the CSR for signing the certificate.

S-10

Openssl req-new-key server. key-out server. csr

Enter some information here, similar to the content in [S-4.

For 'extra 'attributes, no input is required.

You can view the CSR details

S-11

Openssl req-noout-text-in server. csr

You can sign the certificate below. You need to use the script sign. sh ----> in/usr/share/doc/libapache-mod-ssl/example/, I directly cp to/etc/apache /.

S-12

Sign. sh server. csr

You can get the server. crt.

Change the file attribute to 400 and place it in a safe place.

S-13

Chmod 400 server. crt

Delete CSR

S-14

Rm server. csr

Okay, apachectl restart. It is best to configure ssl globally after load modules. If apache cannot start, no error is reported.