| « | September 2025 | » | | 日 | 一 | 二 | 三 | 四 | 五 | 六 | | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | | | | | |
|
| 公告 |
我近期在研究Maven、Turbine、EJB,如果有朋友想一起交流学习,请加我的MSN:moshco_zhu@hotmail.com!
你为什么来,你何必来,叫我怎么见你!
--《小城之春》 |
| 
|
本站首页 管理页面 写新日志 退出
 [01 技术文档]给Apache加上SSL |
给Apache加上SSL
------------------------------------------------------------------------
1.下载
Apache 选择带openssl的版本,这样可以省去下载OpenSSL,我下载的是apache_2.2.6-win32-x86-openssl-0.9.8e.msi。 地址:http://apache.mirror.phpchina.com/httpd/binaries/win32/
2.安装配置
安装Apache是很简单的,就不多说了!我安装的路径是[D:\Apache2.2]。
打开文件[D:\Apache2.2\conf\httpd.conf],去掉下面一行的注释(前面的#): ----------------------------------------- #LoadModule ssl_module modules/mod_ssl.so -----------------------------------------
取消下面一行的注释: ----------------------------------------- #Include conf/extra/httpd-ssl.conf -----------------------------------------
打开文件[D:\Apache2.2\conf\extra\httpd-ssl.conf]
把下面的内容都注释掉(前面分别加上#) ----------------------------------------- DocumentRoot "D:/Apache2.2/htdocs" ServerName moshco:443 ServerAdmin moshco@163.com ErrorLog "D:/Apache2.2/logs/error_log" TransferLog "D:/Apache2.2/logs/access_log" -----------------------------------------
把[#SSLMutex "file:D:/Apache2.2/logs/ssl_mutex"]修改为[SSLMutex default];
找到[SSLCertificateFile]、[SSLCertificateKeyFile],注意他们后面的文件名和路径;等会生成的认证文件要对应起来。
3.生成认证文件
把[D:\Apache2.2\conf\openssl.cnf]拷贝到[D:\Apache2.2]下。
Dos状态下进入[D:\Apache2.2],分别输入下面的命令:
第一条: ----------------------------------------- bin\openssl req -new -out server.csr -config openssl.cnf ----------------------------------------- 首先要求你输入密码,我输入的是:[Tightly imprisons the gate which the song (1) manner passes in and outto be locked, crawls the hole for the dog to open wide, a sound pitchis calling: - Crawls, is free for you! I long for the freedom, but Ideeply deeply knew how - person's stature can crawl from the dog hole!I hoped has under a world the raging fire, live coffin burns in oncemy Lian the Zhei, I should and warm-blooded center obtain aquaticallyin the raging fire! ],记住输入的时候它不会有什么反应,而且前后两次必须输入相同,如果你是粘贴的,粘贴完一次后回车,系统会要你确认,再粘贴一次就可以了。 第二次会要你输入国家名称,你可以输入[CN],不要超过两个字符; 第三次是省会名字,输入[10]等; 第四次是城市,输入[BJ]; 第五次要求输入公司,输入[MHFO]; 第六次是部门,输入[]; 第七次比较重要,输入你的服务器的名字[moshco],如果有域名,要输入网站域名,或者IP; 第八次是Email地址,输入[moshco@163.com]; 第九次是一个密码,输入[Helloworld] 第十次是公司组织,输入[MHFO];
结束,会创建几个文件[.rnd、privkey.pem、server.csr] 下面是我的输入 ----------------------------------------- D:\Apache2.2>bin\openssl req -new -out server.csr -config openssl.cnf Loading 'screen' into random state - done Generating a 1024 bit RSA private key ..++++++ .++++++ writing new private key to 'privkey.pem' Enter PEM pass phrase: 输入的是密码,不会显示出来 Verifying - Enter PEM pass phrase: 确认密码,不会显示出来 ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:10 Locality Name (eg, city) []:BJ Organization Name (eg, company) [Internet Widgits Pty Ltd]:MHFO Organizational Unit Name (eg, section) []: Common Name (eg, YOUR name) []:moshco 你的网站的域名或IP地址 Email Address []:moshco@163.com
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:Helloworld An optional company name []:MhFO
D:\Apache2.2> -----------------------------------------
第二条: ------------------------------------------ bin\openssl rsa -in privkey.pem -out server.key ------------------------------------------ 要求输入前面输入的密码[Tightly imprisons the gate which the song (1) manner passes in and outto be locked, crawls the hole for the dog to open wide, a sound pitchis calling: - Crawls, is free for you! I long for the freedom, but Ideeply deeply knew how - person's stature can crawl from the dog hole!I hoped has under a world the raging fire, live coffin burns in oncemy Lian the Zhei, I should and warm-blooded center obtain aquaticallyin the raging fire! ]。输入的时候也不会有任何反应。会创建文件[server.key]
第三条: ------------------------------------------ bin\openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 ------------------------------------------ 创建一个在3650天内有效的证书[server.crt]
将新创建的这些文件[.rnd、privkey.pem、server.csr、server.key、server.crt]拷贝到[D:\Apache2.2\conf]下。完成!
重新启动服务器,输入[https://moshco/]。
4.只提供SSL访问
如果你想只提供https的方式访问,你可以这样: 打开文件[D:\Apache2.2\conf\httpd.conf],修改[Listen 80]为[#Listen 80],修改[ServerName moshco:80]为[ServerName moshco:443],从新启动服务。
|
阅读全文(3383) | 回复(0) | 编辑 | 精华 |
|
