Configuring a free SSL certificate on Apache

1 Obtain a free SSL certificate

      Get a free certificate from https://freessl.org/

      The extracted archive contained only full_chain.pem and private.key. They map to the Apache certificate directives as follows:

      SSLCertificateFile /etc/letsencrypt/live/behindgfw.com/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/behindgfw.com/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/behindgfw.com/fullchain.pem

The archive contains 3 files:

  • private.key
  • ca_bundle.crt
  • certificate.crt

The three files correspond to these directives in the Apache configuration:

  • SSLCertificateKeyFile
  • SSLCertificateFile
  • SSLCertificateChainFile

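2 Configure the Apache SSL certificate

        1) Edit conf/httpd.conf:

             Find the following lines and remove the leading #:

             #LoadModule ssl_module modules/mod_ssl.so

             # Include conf/extra/httpd-ssl.conf

             Also make sure that at least one of the following two lines is uncommented:

             LoadModule socache_dbm_module modules/mod_socache_dbm.so

             LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

         2) Edit conf/extra/httpd-ssl.conf

             The key lines to change are below; replace the values with your real directory paths and domain name: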


             Listen 443

             SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4
             SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
             SSLHonorCipherOrder on

             # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for clients that cannot use TLSv1.2
             SSLProtocol TLSv1 +TLSv1.1 +TLSv1.2
             SSLProxyProtocol all -SSLv3

             SSLPassPhraseDialog  builtin

             # The dbm cache needs mod_socache_dbm; the shmcb alternative needs mod_socache_shmcb
             SSLSessionCache "dbm:d:/wamp64/bin/apache/apache2.4.23/logs/ssl_scache"
             #SSLSessionCache "shmcb:d:/wamp64/bin/apache/apache2.4.23/logs/ssl_scache(512000)"
             SSLSessionCacheTimeout  300

             <VirtualHost _default_:443>

             DocumentRoot "d:/wamp64/www"
             ServerName tryservice.*******.com:443
             #ServerAdmin admin@tryservice.*******.com
             ErrorLog "d:/wamp64/logs/apache/apache_error.log"
             TransferLog "d:/wamp64/logs/apache/access.log"

             SSLEngine on

             # Certificate, private key and intermediate chain
             SSLCertificateFile "d:/wamp64/cert/tryservice/public.pem"
             SSLCertificateKeyFile "d:/wamp64/cert/tryservice/214************.key"
             SSLCertificateChainFile "d:/wamp64/cert/tryservice/chain.pem"

             <FilesMatch "\.(cgi|shtml|phtml|php)$">
                 SSLOptions +StdEnvVars
             </FilesMatch>
             ##
             <Directory "d:/wamp64/bin/apache/apache2.4.23/cgi-bin">
                 SSLOptions +StdEnvVars
             </Directory>
             ##

             BrowserMatch "MSIE [2-5]" \
                      nokeepalive ssl-unclean-shutdown \
                      downgrade-1.0 force-response-1.0

             CustomLog "d:/wamp64/logs/apache/ssl_request.log" \
                       "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

             </VirtualHost>
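
The SSLProtocol and SSLProxyProtocol lines above decide which protocol versions the server and its proxy connections accept. As an added example (not part of the original post), the Python script below evaluates such lines and reports deprecated versions that are still enabled. It is a simplified model of how mod_ssl reads the arguments; the expansion of "all" and the sample text are assumptions made here.

```python
import re

# Constructed sample: protocol-related directives copied from the config above.
SAMPLE_CONF = """
Listen 443
SSLProtocol TLSv1 +TLSv1.1 +TLSv1.2
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
"""

# Assumption: "all" expands to every version mod_ssl could have compiled in.
ALL = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}  # RFC 7568 and RFC 8996


def enabled_protocols(args):
    """Evaluate the arguments left to right: a bare name replaces the set,
    +name adds to it, -name removes from it (simplified model of mod_ssl)."""
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        protos = {p for p in ALL if name in ("all", p.lower())}
        if not protos:
            raise ValueError(f"unknown protocol in {token!r}")
        if sign == "+":
            enabled |= protos
        elif sign == "-":
            enabled -= protos
        else:
            enabled = protos
    return enabled


def audit(conf_text):
    """Return [(directive, [deprecated versions still enabled]), ...]."""
    findings = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*(SSL(?:Proxy)?Protocol)\s+(.+)", line, re.IGNORECASE)
        if m:
            weak = sorted(enabled_protocols(m.group(2)) & DEPRECATED)
            if weak:
                findings.append((m.group(1), weak))
    return findings


if __name__ == "__main__":
    for directive, weak in audit(SAMPLE_CONF):
        print(f"{directive}: still enables {', '.join(weak)}")
```

To check a real file, pass its contents to audit(); a line such as "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1" produces no finding.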

 

3 SSL configuration for a virtual host

             <VirtualHost *:443>
             ServerName tryservice.*******.com
             SSLEngine on
             SSLProxyEngine on
             SSLCertificateFile "d:/wamp64/cert/tryservice/public.pem"
             SSLCertificateKeyFile "d:/wamp64/cert/tryservice/214************.key"
             # Forward proxying stays off
             ProxyRequests Off
             <Proxy *>
             Order deny,allow
             Allow from all
             </Proxy>
             </VirtualHost>

 

====================================================================

Update: of the 3 files in the new freessl package, ca_bundle.crt does not need to be configured; the site works normally without it.
