A $ prefix marks a command run as a normal user; a # prefix marks a command run as the superuser.
1.install apache
#mkdir --parent /opt/httpd2
#cd /tmp/httpd/httpd-with-ssl
#tar --extract --verbose --gzip --file=httpd-2.2.18.tar.gz --directory=.
#cd httpd-2.2.18
#./configure --prefix=/opt/httpd2 --enable-ssl=shared
#make
#make install
2.create server key
#cd /opt/httpd2/conf/
#mkdir ssl.key
#cd ssl.key
#openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:tangyl@ruyi.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.cert
Signature ok
subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/emailAddress=tangyl@ruyi.com
Getting Private key
Enter pass phrase for server.key:
3.configure apache
#cd /opt/httpd2/conf/extra/
#vi httpd-ssl.conf
SSLCertificateFile /opt/httpd2/conf/ssl.key/server.cert
SSLCertificateKeyFile /opt/httpd2/conf/ssl.key/server.key
#cd /opt/httpd2/conf/
#vi httpd.conf
Include conf/extra/httpd-ssl.conf
4.start apache
#/opt/httpd2/bin/apachectl start
5.open https://192.168.10.89/ in the browser
#create private key
[root@localhost /etc/pki/tls/private]# openssl genrsa -des3 1024 > me.key
Generating RSA private key, 1024 bit long modulus
.........++++++
................................................................................++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
#create Certificate Signing Request file
[root@localhost /etc/pki/tls/certs]# openssl req -utf8 -new -key ../private/me.key -out me.csr
Enter pass phrase for ../private/me.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:192.168.10.179
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#create Certificate file
[root@localhost /etc/pki/tls/certs]# openssl req -utf8 -new -key ../private/me.key -x509 -days 365 -out me.crt -set_serial 0
Enter pass phrase for ../private/me.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:192.168.10.179
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
#configure httpd to make it accessible over ssl
[root@localhost /etc/httpd/conf.d]# vi ssl.conf
[root@localhost /etc/httpd/conf.d]# apachectl start
Apache/2.2.3 mod_ssl/2.2.3 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server localhost.localdomain:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
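
Added example (not part of the original notes): a shell check to run before starting Apache in either walkthrough above. It confirms that the file given to SSLCertificateFile belongs to the key given to SSLCertificateKeyFile, that the RSA key is at least 2048 bits, and that the certificate does not expire within 30 days. The function names, the script name check_pair.sh, the 2048-bit floor and the 30-day window are assumptions of this example; the 1024-bit me.key generated above would be reported as too short.

```shell
#!/bin/sh
# Added example: verify a certificate/key pair before Apache loads it.
# Function names, the 2048-bit floor and the 30-day window are assumptions.

# SHA-256 of the public key inside a certificate (DER form, so the
# result does not depend on PEM formatting).
cert_pubkey_hash() {
    pem=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the public half of a private key. For a key protected
# with -des3, openssl asks for the pass phrase here.
key_pubkey_hash() {
    pem=$(openssl pkey -in "$1" -pubout) || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the certificate carries this key's public half.
pair_matches() {
    c=$(cert_pubkey_hash "$1") && k=$(key_pubkey_hash "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Key size in bits, read from the certificate's text dump.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Run all three checks; print one line and return non-zero on failure.
check_pair() {
    cert=$1; key=$2
    pair_matches "$cert" "$key" ||
        { echo "FAIL: $key is not the private key for $cert"; return 1; }
    bits=$(cert_key_bits "$cert")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: ${bits:-unknown}-bit RSA key, use 2048 or more"; return 1; }
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: $cert expires within 30 days"; return 1; }
    echo "OK: $cert matches $key ($bits bit)"
}

# Usage (hypothetical script name): sh check_pair.sh server.cert server.key
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```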