apache+openssl

A $ prefix marks a command run as a normal user; a # prefix marks a command run as the superuser.


1.install apache

#mkdir --parent /opt/httpd2
#cd /tmp/httpd/httpd-with-ssl
#tar --extract --verbose --gzip --file=httpd-2.2.18.tar.gz --directory=.
#cd httpd-2.2.18
#./configure --prefix=/opt/httpd2 --enable-ssl=shared
#make
#make install

2.create server key

#cd /opt/httpd2/conf/
#mkdir ssl.key
#cd ssl.key
#openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:tyl
Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
Organizational Unit Name (eg, section) []:tz
Common Name (eg, YOUR name) []:tyl
Email Address []:tangyl@ruyi.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.cert
Signature ok
subject=/C=AU/ST=Some-State/L=tyl/O=tz/OU=tz/CN=tyl/emailAddress=tangyl@ruyi.com
Getting Private key
Enter pass phrase for server.key:


3.configure apache

#cd /opt/httpd2/conf/extra/
#vi httpd-ssl.conf
SSLCertificateFile /opt/httpd2/conf/ssl.key/server.cert
SSLCertificateKeyFile /opt/httpd2/conf/ssl.key/server.key
#cd /opt/httpd2/conf/
#vi httpd.conf
Include conf/extra/httpd-ssl.conf


4.start apache

#/opt/httpd2/bin/apachectl start


5.open https://192.168.10.89/ in the browser
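
Added example (not part of the original post): a pre-flight check to run before step 4, confirming that the certificate and private key named in httpd-ssl.conf belong together, that the RSA key is at least 2048 bits, and that the certificate has not expired. The function names and the 2048-bit floor are this example's assumptions; a 1024-bit key like the one generated in the second transcript below is reported as weak.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: sh check_pair.sh CERT KEY [PASSIN]
#   e.g. sh check_pair.sh /opt/httpd2/conf/ssl.key/server.cert \
#                         /opt/httpd2/conf/ssl.key/server.key
#   PASSIN uses openssl's pass-phrase syntax, e.g. file:/root/key.pass

# Print "Modulus=<hex>" for the public key inside a certificate.
modulus_of_cert() {
    openssl x509 -in "$1" -noout -modulus
}

# Print "Modulus=<hex>" for an RSA private key (prompts if encrypted and no PASSIN).
modulus_of_key() {
    openssl rsa -in "$1" ${2:+-passin "$2"} -noout -modulus
}

# Print the RSA key size in bits as recorded in the certificate.
rsa_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Return 0 if the pair is usable, 1 mismatch, 2 weak key, 3 expired, 4 unreadable.
check_pair() {
    cert=$1; key=$2; passin=${3:-}
    cert_mod=$(modulus_of_cert "$cert") || return 4
    key_mod=$(modulus_of_key "$key" "$passin") || return 4
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "MISMATCH: $cert was not issued for $key"; return 1
    fi
    bits=$(rsa_bits "$cert")
    if [ "${bits:-0}" -lt 2048 ]; then   # 2048-bit floor is an assumption of this example
        echo "WEAK: RSA key is ${bits:-unknown} bits"; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED: $cert is past its notAfter date"; return 3
    fi
    echo "OK: $cert matches $key (${bits}-bit RSA, not expired)"
}

if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

A mismatch reported here is the same condition that makes mod_ssl refuse to start, so running the check first gives a clearer message than the Apache error log.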

 

 

 

#create private key

[root@localhost /etc/pki/tls/private]# openssl genrsa -des3 1024 > me.key
Generating RSA private key, 1024 bit long modulus
.........++++++
................................................................................++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:

#create Certificate Signing Request file

[root@localhost /etc/pki/tls/certs]# openssl req -utf8 -new -key ../private/me.key -out me.csr
Enter pass phrase for ../private/me.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:192.168.10.179
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

#create Certificate file

[root@localhost /etc/pki/tls/certs]# openssl req -utf8 -new -key ../private/me.key -x509 -days 365 -out me.crt -set_serial 0
Enter pass phrase for ../private/me.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:192.168.10.179
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

#configure httpd so that it can be accessed over SSL

[root@localhost /etc/httpd/conf.d]# vi ssl.conf
[root@localhost /etc/httpd/conf.d]# apachectl start
Apache/2.2.3 mod_ssl/2.2.3 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server localhost.localdomain:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
