Steps for adding the SSL feature to Apache

Overview: 1. Generate a server key file 2. Generate a server key file based on the key file. csr file 3. Submit. csr to CA4, CA according. csr creation. crt Certificate file (server certificate issued after CA authentication) and. ca file (the Public Key Certificate of the Organization). If you test the certificate yourself, you can create a Certificate Server for yourself.

Overview:
======================================
1. Generate the server key file
2. Generate a. csr file based on the key file
3. Submit. csr to CA
4. CA according. csr creation. crt Certificate file (server certificate issued after CA authentication) and. ca file (the Public Key Certificate of the Organization). If you test the certificate yourself, you can make a certificate for yourself.

The server must be placed on:
1. decrypt-key file after decryption. key
2. crt Certificate file
3. ca intermediate Certificate file (optional)
======================================


Take abc.com as an example. steps:
1: Generate. key

1. /Usr/bin/openssl genrsa-des3-OutAbc.com. key 1024
2. Enter pass phraseForAbc.com. key: enter the password to protect the key file. 
   
   To decrypt the private key:

1. /Usr/bin/openssl rsa-InAbc.com. key-OutAbc.com. decrypt-key

2: Generate. csr Based on. key

1. /Usr/bin/openssl req-New-Key abc.com. key-OutAbc.com. csr
2. Please enter the following'ExTrA'Attributes
3. To be sent with your certifiCatE request
4. A challenge password []: enter A random string to generate the. csr file.
   
   3: Submit the. csr file to the CA so that they can create the. crt Certificate file and the ca file.

You can use the followingCommand:

1. /Usr/bin/openssl x509-InAbc.com. csr-OutAbc.com. crt-req-signkey abc.com. key-days 365

4: After receiving the CA (or self-made). crt Certificate file and ca file, go to the server:
. Key File:/home/admin/conf/apache/ssl. key/abc.com. decrypt-key
. Crt file:/home/admin/conf/apache/ssl. crt/abc.com. crt
. Ca file:/home/admin/conf/apache/ssl. crt/abc.com. ca

Httpd. Conf configuration:

1. ################################
2. MaxClients 96
3. ADdDefaultCharSetGBK
4. Namevirtualhost*: 443
5. ServerName abc.com
6. DocumentRoot/home/admin/share/htdocs
7. DirectoryIndex index.html 
8. # SSL infoRmAtion www. linuxIdC.com
9. SSLEngine on
10. SSLCertificateFile/home/admin/conf/apache/ssl. crt/abc.com. crt
11. SSLCertificateKeyFile/home/admin/conf/apache/ssl. key/abc.com. decrypt-key 
12. # SSLCACertificate * is necessary if you have a Global-ID certificate 
13. #SuCh as the Thawte * .yahoo.com certificate
14. SSLCACertificatePath/home/admin/conf/apache/ssl. crt
15. SSLCACertificateFile/home/admin/conf/apache/ssl. crt/abc.com. ca 
16. ################################

Note: how to configure multiple SSL applications on the same machine
Generally, only one SSL certificate is allowed for the same IP address or port.
However, the following solutions can be used:
Deploy multiple SSL certificates on different ports of the same IP address.
Deploy multiple SSL certificates for different IP addresses on the same port.

Possible problems during Configuration:

1. openssl. cnf may not be found in windows. The conf/openssl. cnf in the apache root directory is. You need to add-config con/openssl. cnf in the command to solve the problem.

2. If the configured ssl access page prompts SSL receivEdA record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long) may be 1) virtual machine configuration Error; 2) it may be because the port is directly written in the url during access, but the real cause is not that the port is displayed, most of them are caused by virtual machine configuration errors.