很多理論知識這裏就不提了,如果要深入瞭解建議先去了解下理論再來看會很容易看懂,下面直接操了。
環境:
CentOS release 6.8 (Final)
apache-2.4.25
1、查看現有apache是否有編譯安裝過ssl模塊
/usr/local/apache/bin/apachectl -l
2、沒有的話需要添加ssl模塊,apache是以嵌入的方式添加模塊的
/usr/local/apache/bin/apxs -i -c -a -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl /usr/local/apache/bin/apxs -c -i mod_ssl.c /usr/local/apache/bin/apxs -c -i mod_ssl.lo ll /usr/local/apache/modules | grep ssl
3、開啓ssl擴展功能
sed -i 's/\#Include conf\/extra\/httpd-ssl.conf/Include conf\/extra\/httpd-ssl.conf/' /usr/local/apache/conf/httpd.conf sed -n '140p' /usr/local/apache/conf/httpd.conf LoadModule ssl_module modules/mod_ssl.so
4、生成不可信任額證書,公鑰加密,私鑰解密。私鑰加密,公鑰解密
生成服務器私鑰
openssl genrsa -des3 -out server.key 2048
生成服務器證書請求,並按照要求填寫相關證書信息
openssl req -new -key server.key -out server.csr
簽證:
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
5、修改虛擬主機
sed -n '22,33p' /usr/local/apache/conf/extra/httpd-vhosts.conf # <VirtualHost *:443> ServerAdmin [email protected] DocumentRoot "/var/www/html" ServerName www.www.fangqiweb.org ServerAlias www.fangqi.web.org SSLEngine on SSLCertificateFile /usr/local/apache/conf/server.crt SSLCertificateKeyFile /usr/local/apache/conf/server.key ErrorLog "logs/error/www-error_log" CustomLog "|/usr/local/sbin/cronolog /service/apache/logs/access/www-%Y%m%d_log" combined </VirtualHost>
6、添加監聽端口
sed -i '53a\Listen 443' httpd.conf
7、檢查語法,重啓apache
/usr/local/apache/bin/apachectl -t /usr/local/apache/bin/apachectl restart
8、測試訪問
9、如果訪問不了
防火牆是否允許了https通過
vhost配置文件是否配置錯誤
apache的主配置文件是否有錯誤,或者缺少vhost裏的目錄位置信息
apache的監聽端口是否開啓
apache是否有正確添加ssl模塊
常見錯誤:
/usr/local/apache/bin/apachectl -t
httpd: Syntax error on line 141 of /usr/local/apache-2.4.25/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: /usr/local/apache-2.4.25/modules/mod_ssl.so: undefined symbol: ssl_cmd_SSLPassPhraseDialog
解決:
/usr/local/apache/bin/apxs -a -i -c -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl