apache2 and ssl have already been installed beforehand.
First create your own CA folder:
CA/myCA
1. Create the CA
Find
/etc/ssl/openssl.cnf
Copy it into myCA
and change the following variable in it:
dir = /home/mocci/CA/myCA
Create the corresponding directories:
mkdir -p /home/mocci/CA/myCA/certs
mkdir -p /home/mocci/CA/myCA/newcerts
Create the files:
echo "01" > /etc/ssl/CA/serial && touch index.txt
Create the root CA key; you will need to set a password for the CA:
openssl genrsa -des3 2048 > ca.privatekey
openssl req -new -x509 -key ca.privatekey -days 3650 -out ca.cert
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Zhejiang
Locality Name (eg, city) []:Hangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mux Team
Organizational Unit Name (eg, section) []:muxcn
Common Name (eg, YOUR name) []:www.mux.net
Email Address []:ling2113@gmail.com
Copy the CA key and the self-signed certificate that were just created:
cp ca.privatekey /etc/ssl/CA/private/cakey.pem
cp ca.cert /etc/ssl/CA/cacert.pem
The CA is done.
2. Create the SSL certificate for apache
First create the user's key; you will need to set a password:
openssl genrsa -des3 2048 > cassl.privatekey
Then generate the certificate signing request for the CA:
openssl req -days 3650 -key cassl.privatekey -new -out cassl.csr
Generate the certificate signed by the CA:
openssl ca -out cassl.pem -days 3650 -infiles cassl.csr
If it cannot be found, you can use
export OPENSSL_CONF=……
to set your CA path.
cat cassl.privatekey cassl.pem > apache.pem
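The files produced in steps 1 and 2 can be checked before apache.pem is handed to Apache. The script below is an added example, not part of the original post: the function names are made up here, the file names in the usage comments are the ones used above, and GNU stat is assumed.

```bash
#!/bin/bash
# Added example (not from the original post): checks for the files made above.

# Succeeds if the certificate verifies against the CA certificate.
chains_to_ca() {            # chains_to_ca ca.cert cassl.pem
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the private key and the certificate carry the same public key.
# openssl asks for the passphrase if the key is encrypted.
key_matches_cert() {        # key_matches_cert cassl.privatekey cassl.pem
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if group and others have no permission bits on the file.
private_to_owner() {        # private_to_owner apache.pem
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds if the PEM file holds a passphrase-protected private key
# (traditional "Proc-Type: 4,ENCRYPTED" header or PKCS#8 encrypted block).
key_is_encrypted() {        # key_is_encrypted apache.pem
    grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

check_bundle() {            # check_bundle ca.cert cassl.pem cassl.privatekey apache.pem
    local rc=0
    chains_to_ca "$1" "$2"     || { echo "FAIL: $2 does not verify against $1"; rc=1; }
    key_matches_cert "$3" "$2" || { echo "FAIL: $3 is not the key for $2"; rc=1; }
    private_to_owner "$4"      || { echo "FAIL: $4 is accessible to group or others"; rc=1; }
    key_is_encrypted "$4"      || echo "NOTE: the key in $4 has no passphrase"
    return "$rc"
}

# Run the checks only when called with the four file names.
if [ "$#" -eq 4 ]; then
    check_bundle "$@"
fi
```

Because apache.pem contains the private key, a FAIL on the permission check is fixed with chmod 600 on that file, both where it was created and in /etc/apache2/ssl.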
3. Configure the apache2 server
Enable mod_ssl in apache2:
a2enmod ssl
Copy apache.pem to /etc/apache2/ssl
Create CADOMAIN
Go into /etc/apache2/sites-available/
cp default ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl
Edit ssl:
NameVirtualHost *:443
<VirtualHost *:443>
Add the following two lines under the <VirtualHost *:443> line:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
Edit default and ssl:
/etc/apache2/sites-enabled/default
/etc/apache2/sites-enabled/ssl
and modify the NameVirtualHost *
directive to resemble: NameVirtualHost *:80
and the VirtualHost * directive to resemble: <VirtualHost *:80>
Add the https listening port 443:
vi /etc/apache2/ports.conf
Listen 443
Restart apache2:
sudo /etc/init.d/apache2 force-reload
Enter the passphrase, and it's OK!!
Test:
https://localhost/svn/myprojects
You must enable URL rewrite support in the Ubuntu Apache 2 package by executing the following command:
sudo a2enmod rewrite
You should receive the following output from the above command:
Module rewrite installed; run /etc/init.d/apache2 force-reload to enable.