证书是在阿里云服务器购买的免费版的。按照步骤填写资料 10分钟左右证书就能发放下来。
服务器是LAMP环境,就下载了Apache版本的证书
安装证书
文件说明:
1. 证书文件21448443323****.pem,包含两段内容,请不要删除任何一段内容。
2. 如果是证书系统创建的CSR,还包含:证书私钥文件21448443323****.key、证书公钥文件public.pem、证书链文件chain.pem。
( 1 ) 在Apache的安装目录下创建cert目录,并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件,请将对应的私钥文件放到cert目录下并且命名为21448443323****.key;
( 2 ) 打开 apache 安装目录下 conf 目录中的 httpd.conf 文件,找到以下内容并去掉“#”:
#LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件)
#Include conf/extra/httpd-ssl.conf
这两步是没有什么问题的,但是按照教程配置httpd-ssl.conf后用https访问网站出现403 Forbidden错误。各种百度,Google,终于解决。只需把httpd-ssl.conf清空换成一下内容即可:
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
DocumentRoot /data/www/default/
ServerName teddysun.com
ServerAlias www.teddysun.com
ErrorLog "/usr/local/apache/logs/lamp_error_log"
TransferLog "/usr/local/apache/logs/lamp_access_log"
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3- SHA:!KRB5-DES-CBC3-SHA
SSLCertificateFile /usr/local/apache/conf/xxx.crt
SSLCertificateKeyFile /usr/local/apache/conf/xxx.pem
SSLCertificateChainFile /usr/local/apache/conf/cert/chain.pem
CustomLog "/usr/local/apache/logs/lamp_ssl_request_log" \"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\""BrowserMatch "MSIE [2-5]" \nokeepalive ssl-unclean-shutdown \downgrade-1.0 force-response-1.0
<Directory /data/www/default/>
Options -Indexes +FollowSymLinksAllowOverride
AllRequire all granted
</Directory>
</VirtualHost>
绿色字体部分需按实际情况填写!!!
windows下httpd-ssl.conf配置:
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
DocumentRoot F:/phpStudy/WWW/test
ServerName www.xxx.com
ErrorLog "F:/phpStudy/Apache/logs/ssl_error_log.log"
TransferLog "F:/phpStudy/Apache/logs/ssl_access_log.log"
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4
SSLCertificateFile F:/phpStudy/Apache/conf/cert/xxx_public.crt
SSLCertificateKeyFile F:/phpStudy/Apache/cert/xxx.key
SSLCertificateChainFile F:/phpStudy/Apache/conf/cert/xxx_chain.crt
<Directory "/Apache24/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>