购卖证书配置
<VirtualHost _default_:443>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
SSLCertificateFile /data/server/apache/conf/extra/cert/a_public.crt
SSLCertificateKeyFile /data/server/apache/conf/extra/cert/a.key
SSLCertificateChainFile /data/server/apache/conf/extra/cert/a_chain.crt
ServerName 你的域名:443
DocumentRoot "/data/web/web01/"
<Directory /data/web/web01/>
Options FollowSymlinks
DirectoryIndex index.php
Allow from all
AllowOverride All
Require all granted
</Directory>
SSLEngine on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/data/server/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
CustomLog "/data/server/apache/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
自签名证书
利用 openssl 自己生成
#私钥
openssl genrsa -out server.key 2048
#自签名证书
openssl req -new -x509 -nodes -sha1 -days 365 -key server.key -out server.crt -extensions usr_cert
执行后,遇到 Common Name (e.g. server FQDN or YOUR name) []: 填写你需要的域名或者ip
-----------------
openssl genrsa -out 127_0_0_1_server.key 2048
openssl req -new -x509 -nodes -sha1 -days 3650 -key 127_0_0_1_server.key -out 127_0_0_1_server.crt -extensions usr_cert
其他参考地址: