1 获取免费SSL证书
通过https://freessl.org/获取免费证书
解压文件里只包含了full_chain.pem 和 private.key,与apache证书对应关系:
SSLCertificateFile /etc/letsencrypt/live/behindgfw.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/behindgfw.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/behindgfw.com/fullchain.pem
打开压缩包里面有3个文件
- private.key
- ca_bundle.crt
- certificate.crt
三个文件分别对应 Apache 配置里面的:
- SSLCertificateKeyFile
- SSLCertificateFile
- SSLCertificateChainFile
2 配置apache ssl证书
1)配置conf/httpd.conf:
找到如下行并去掉#
#LoadModule ssl_module modules/mod_ssl.so
# Include conf/extra/httpd-ssl.conf
另外,要确认以下两行至少有一行是去掉#的:
LoadModule socache_dbm_module modules/mod_socache_dbm.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
2)配置conf/extra/httpd-ssl.conf
需要修改的关键行,对应修改为真实的目录路径和域名信息:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
|
3虚拟服务器的SSL配置
<VirtualHost *:443>
ServerName tryservice.*******.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile
"d:/wamp64/cert/tryservice/public.pem"
SSLCertificateKeyFile
"d:/wamp64/cert/tryservice/214************.key"
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
====================================================================
更新: 新的freessl包含的3个文件中,ca_bundle.crt 可以不用配置,可以正常使用。