1. apache2可直接用命令安装
sudo apt-get install apache2
2. 启用 ssl 模块
sudo a2enmod ssl
3. 安装openssl
sudo apt-get install openssl
4. 创建CA签名(不使用密码去除-des3选项)
openssl genrsa -des3 -out server.key 1024
5. 创建CSR(Certificate Signing Request)
openssl req -new -key server.key -out server.csr
6.自己签发证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
7.复制到相应目录
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
8. 修改配置文件
sudo cp /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/001-ssl.conf
sudo nano 001-ssl.conf
在<VirtualHost *:80>段中,DocumentRoot一行的下方加入内容:
SSLEngine On
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
端口修改为:443,即<VirtualHost *:443>(ssl的端口)
9. 重启apache
sudo /etc/init.d/apache2 force-reload
sudo /etc/init.d/apache2 restart
10. 亲测 https://ip 打开成功。
