Linux下使用Openssl頒發Apache認證

來源:互聯網
上載者:User

標籤:dex   書籤   Opens   value   direct   oca   注釋   hal   建立   

1安裝openssl

#yum install -y openssl

2進入目錄/etc/pki/tls/certs

#cd /etc/pki/tls/certs

3.產生私密金鑰檔案(key)

#openssl genrsa -des3 -out server.key 1024

4.為了避免每次服務啟動都需要輸入認證密碼,刪除認證密碼

#openssl rsa -in server.key -out server.key

5.用server.key產生認證

#openssl req -new -key server.key -out server.csr#這時候會提示以下資訊:Country Name (2 letter code) [XX]:CN  State or Province Name (full name) []:BeijingLocality Name (eg, city) [Default City]:BeijingOrganization Name (eg, company) [Default Company Ltd]:NoOrganizational Unit Name (eg, section) []:NewCommon Name (eg, your name or your server‘s hostname) []:NoEmail Address []:[email protected]Please enter the following ‘extra‘ attributesto be sent with your certificate requestA challenge password []:#如果直接斷行符號An optional company name []:#這裡直接斷行符號

6.產生CA的key檔案ca.key和根憑證ca.crt

openssl req -new -x509 -keyout ca.key -out ca.crt#提示資訊和第5步驟類似。

7.用CA認證為server.csr認證簽名

#為了防止報錯,需要提前做一些準備工作#touch /etc/pki/CA/index.txt#echo 01 > /etc/pki/CA/serial#openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ../openssl.cnf#這是會提示以下資訊Sign the certificate? [y/n]:y#選擇y1 out of 1 certificate requests certified, commit? [y/n]y#選擇y

8.這時候會得到ca.crt,ca.key,server.crt,server.csr,server.key。
9.將ca.crt,server.crt,server.key發送到apache配置目錄。我的是/usr/local/apache/conf/ssl/
10.哎apache的vhost目錄裡使用

#進入配置目錄,#cd /usr/local/apache/conf#vi httpd.confIncludeOptional conf/vhost/*.conf #去掉注釋,如果沒有則新增#進入vhost目錄#cd /usr/local/apache/conf/vhost#建立一個新的設定檔,名稱自己定義,以.conf為尾碼#vi httpd-vhost-ssl.conf<VirtualHost *:443>ServerAdmin 隨便輸入的郵箱地址php_admin_value open_basedir "/home/www/:/tmp/:/var/tmp/:/proc/"DocumentRoot /home/wwwServerName 網域名稱:443ErrorLog "/home/wwwlogs/error_log"CustomLog "/home/wwwlogs/access_log" combinedSSLEngine onSSLCertificateFile /usr/local/apache/conf/ssl/server.crt#認證的路徑SSLCertificateKeyFile /usr/local/apache/conf/ssl/server.key#認證的路徑#SSLCertificateChainFile /usr/local/apache/conf/ssl/ca.crt#認證的路徑Protocols h2 h2c http/1.1<Directory "/home/www/">    SetOutputFilter DEFLATE    Options FollowSymLinks    AllowOverride All    Order allow,deny    Allow from all    DirectoryIndex index.php index.html</Directory></VirtualHost>

Linux下使用Openssl頒發Apache認證

相關文章

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.