Unix/Linux 生成证书和密钥
确认是否安装ssl模块,是否有mod_ssl.so文件
生成密钥
# 生成密钥
# 这是用128位rsa算法生成密钥,得到 api-afd-server.key 文件
tools/servers » openssl genrsa 1024 >api-afd-server.key
Generating RSA private key, 1024 bit long modulus
...................++++++
.............++++++
e is 65537 (0x10001)
生成证书请求文件
# 生成证书请求文件
# 这是用步骤1的密钥生成证书请求文件server.csr, 这一步提很多问题,一一输入
tools/servers » openssl req -new -key api-afd-server.key > api-afd-server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ZH-CN
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GuangZhou
Locality Name (eg, city) []:Shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:afd
Organizational Unit Name (eg, section) []:afd-yunbei
Common Name (e.g. server FQDN or YOUR name) []:afd-api
Email Address []:leeyisoft@qq.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:afd
生成证书
# 生成证书
# 这是用步骤1,2的的密钥和证书请求生成证书server.crt,-days参数指明证书有效期,单位为天
tools/servers » openssl req -x509 -days 365 -key api-afd-server.key -in api-afd-server.csr > api-afd-server.crt
windows 生成证书和密钥
生成证书需要 openssl工具,我用的是 MINGW32
步骤1:生成密钥
命令:openssl genrsa 1024 > server.key 说明:这是用128位rsa算法生成密钥,得到server.key文件
步骤2: 生成证书请求文件
命令:openssl req -config D:\work_soft\Apache2.2\conf\openssl.cnf -new -key server.key > server.csr 说明:这是用步骤1的密钥生成证书请求文件server.csr, 这一步提很多问题,一一输入
步骤3: 生成证书
命令:openssl req -config D:\work_soft\Apache2.2\conf\openssl.cnf -x509 -days 365 -key server.key -in server.csr > server.crt 说明:这是用步骤1,2的的密钥和证书请求生成证书server.crt,-days参数指明证书有效期,单位为天 把得到的server.key和server.crt文件拷贝到apache的对应目录
nginx https 配置
参考 http://nginx.org/cn/docs/http/configuring_https_servers.html#optimization
添加如下配置(完成后记得 reload nginx服务):
server {
listen 80;
listen 443 ssl;
ssl on;
server_name 127.0.0.1 192.168.1.202 myweb.name www.myweb.name; #可配置多个主机头
ssl_certificate "/Users/leeyi/workspace/tools/servers/api-afd-server.crt";
ssl_certificate_key "/Users/leeyi/workspace/tools/servers/api-afd-server.key";
...
### 其他代码省略
}
配置apache
修改httpd-ssl.conf文件
注意在此文件中配置证书和密钥
SSLCertificateFile /apache/conf/api-afd-server.crt
SSLCertificateKeyFile /apache/conf/api-afd-server.key
虚拟机设置
NameVirtualHost *:443
<VirtualHost *:443>
…………
</VirtualHost>
修改httpd.conf文件
步骤1:打开ssl模块
LoadModule ssl_module /opt/taobao/install/httpd/modules/mod_ssl.so
步骤2:引入ssl配置文件
Include “/apache/conf/httpd-ssl.conf”
步骤3:如果你配置的虚拟机,注意一下端口的访问接受情况
NameVirtualHost *:80
<VirtualHost *:80>
…………
</VirtualHost>
```
重新启动apache
用https方式访问,查看是否生效
© 著作权归作者所有
