# mkdir -m 700 /usr/local/etc/apache22/ssl.crt
# mkdir -m 700 /usr/local/etc/apache22/ssl.csr
# mkdir -m 700 /usr/local/etc/apache22/ssl.key
# cd ~
# openssl req -new -x509 -nodes -out server.crt -keyout server.key

当要求输入主机名时,输入正确的域名。(Common Name put the hostname (fully qualified domain name) of your computer.)

# cp server.crt /usr/local/etc/apache22/ssl.crt/server.crt
# cp server.key /usr/local/etc/apache22/ssl.key/server.key
# chmod 400 /usr/local/etc/apache22/ssl.crt/server.crt
# chmod 400 /usr/local/etc/apache22/ssl.key/server.key

# ee /usr/local/etc/apache22/httpd.conf

把#Include etc/apache22/extra/httpd-ssl.conf前面的#去掉。

# ee /usr/local/etc/apache22/extra/httpd-ssl.conf

设置正确的SLCertificateFile,SSLCertificateKeyFile

# apachectl configtest
# apachectl restart

https://域名/

注意:自签名的SSL证书会有认证提示的,购买的就没有提示了!

参考:http://lamp.linux.gov.cn/Apache/ApacheMenu/ssl/ssl_faq.html#aboutcerts

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *