Date: 2014-05-16
1. Install mod_ssl online
yum -y install mod_ssl
Check whether openssl was installed successfully
rpm -qa | grep openssl
2. Create the server private key
openssl genrsa -out server.key 1024
3. Create the server public key (certificate signing request)
openssl req -new -key server.key -out server.csr
4. Create the server certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
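Added example (not part of the original page): steps 2 to 4 run without prompts, followed by the checks worth making before ssl.conf is pointed at the files. It assumes a 2048-bit key and -sha256 rather than the 1024-bit key of step 2, since 1024-bit RSA no longer meets current minimum key-size guidance; the host name www.example.test and the temporary directory are constructed sample values.

```sh
#!/bin/sh
# Added example: steps 2-4 without prompts, then checks on the result.
# The CN and the temporary directory are constructed sample values.
set -eu

# make_selfsigned DIR CN [BITS]: private key -> CSR -> self-signed certificate.
# Runs in a subshell so the umask and variables do not leak to the caller.
make_selfsigned() (
    dir=$1; cn=$2; bits=${3:-2048}
    umask 077                       # generated files readable by owner only
    openssl genrsa -out "$dir/server.key" "$bits"
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" -out "$dir/server.csr"
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt"
)

# key_bits KEYFILE: RSA modulus size in bits (4 bits per hex digit).
key_bits() (
    m=$(openssl rsa -in "$1" -noout -modulus)
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
)

# cert_sig_alg CERT: signature algorithm named in the certificate.
cert_sig_alg() (
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ && !n++ { print $2 }'
)

# key_matches_cert KEY CERT: succeeds only if both carry the same modulus,
# i.e. the certificate was issued for this private key.
key_matches_cert() (
    k=$(openssl rsa  -in "$1" -noout -modulus)
    c=$(openssl x509 -in "$2" -noout -modulus)
    [ "$k" = "$c" ]
)

d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
make_selfsigned "$d" www.example.test
echo "key size : $(key_bits "$d/server.key") bits"
echo "signature: $(cert_sig_alg "$d/server.crt")"
key_matches_cert "$d/server.key" "$d/server.crt" && echo "key and certificate match"
```

A mismatch reported by key_matches_cert is the usual reason httpd refuses to start after the certificate files are swapped.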
5. Modify the SSL configuration file
/etc/httpd/conf.d/ssl.conf
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#

LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
JkWorkersFile "conf/workers.properties"
JkLogFile "logs/mod_jk.log"

#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long