標籤:dex 書籤 Opens value direct oca 注釋 hal 建立
1安裝openssl
#yum install -y openssl
2進入目錄/etc/pki/tls/certs
#cd /etc/pki/tls/certs
3.產生私密金鑰檔案(key)
#openssl genrsa -des3 -out server.key 1024
4.為了避免每次服務啟動都需要輸入認證密碼,刪除認證密碼
#openssl rsa -in server.key -out server.key
5.用server.key產生認證
#openssl req -new -key server.key -out server.csr#這時候會提示以下資訊:Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:BeijingLocality Name (eg, city) [Default City]:BeijingOrganization Name (eg, company) [Default Company Ltd]:NoOrganizational Unit Name (eg, section) []:NewCommon Name (eg, your name or your server‘s hostname) []:NoEmail Address []:[email protected]Please enter the following ‘extra‘ attributesto be sent with your certificate requestA challenge password []:#如果直接斷行符號An optional company name []:#這裡直接斷行符號
6.產生CA的key檔案ca.key和根憑證ca.crt
openssl req -new -x509 -keyout ca.key -out ca.crt#提示資訊和第5步驟類似。
7.用CA認證為server.csr認證簽名
#為了防止報錯,需要提前做一些準備工作#touch /etc/pki/CA/index.txt#echo 01 > /etc/pki/CA/serial#openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ../openssl.cnf#這是會提示以下資訊Sign the certificate? [y/n]:y#選擇y1 out of 1 certificate requests certified, commit? [y/n]y#選擇y
8.這時候會得到ca.crt,ca.key,server.crt,server.csr,server.key。
9.將ca.crt,server.crt,server.key發送到apache配置目錄。我的是/usr/local/apache/conf/ssl/
10.哎apache的vhost目錄裡使用
#進入配置目錄,#cd /usr/local/apache/conf#vi httpd.confIncludeOptional conf/vhost/*.conf #去掉注釋,如果沒有則新增#進入vhost目錄#cd /usr/local/apache/conf/vhost#建立一個新的設定檔,名稱自己定義,以.conf為尾碼#vi httpd-vhost-ssl.conf<VirtualHost *:443>ServerAdmin 隨便輸入的郵箱地址php_admin_value open_basedir "/home/www/:/tmp/:/var/tmp/:/proc/"DocumentRoot /home/wwwServerName 網域名稱:443ErrorLog "/home/wwwlogs/error_log"CustomLog "/home/wwwlogs/access_log" combinedSSLEngine onSSLCertificateFile /usr/local/apache/conf/ssl/server.crt#認證的路徑SSLCertificateKeyFile /usr/local/apache/conf/ssl/server.key#認證的路徑#SSLCertificateChainFile /usr/local/apache/conf/ssl/ca.crt#認證的路徑Protocols h2 h2c http/1.1<Directory "/home/www/"> SetOutputFilter DEFLATE Options FollowSymLinks AllowOverride All Order allow,deny Allow from all DirectoryIndex index.php index.html</Directory></VirtualHost>
Linux下使用Openssl頒發Apache認證