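Note: when applying for the certificate on Alibaba Cloud (Aliyun), choose the option that lets the system create the CSR automatically.
Install the SSL module:
yum install mod_ssl
Then follow the steps described at https://help.aliyun.com/document_detail/98727.html?spm=5176.2020520163.0.0.3e4756a7bfc5P1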
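Steps to purchase an [SSL certificate] on Alibaba Cloud:
1. SSL certificate management
2. Tab (tag): Free certificate -> Buy now
3. Tab (tag): Free certificate -> Create certificate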
Renewing the HTTPS certificate:
1. Upload the files to: /etc/httpd/cert
2. Edit: /etc/httpd/conf.d/ssl.conf
In 4332640623_www.gxyzems.com_chain.crt,
replace 4332640623 with the new name
3. systemctl restart httpd.service # restart
Alternatively, replace the clutter in ssl.conf outright. The complete contents after replacement are as follows:
#
# When we also provide SSL we have to listen to the
# HTTPS port in addition.
#
Listen 443 https
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
<VirtualHost *:443>
    ServerAdmin zf@localhost
    ServerName xxxxxygzc.com
    DocumentRoot "/var/www/xxxx/public"
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/httpd/certzf/xxxx.com_public.crt
    SSLCertificateKeyFile /etc/httpd/certzf/xxxx.com.key
    SSLCertificateChainFile /etc/httpd/certzf/xxxx.com_chain.crt
    <Directory "/var/www/xxx/public">
        Options FollowSymLinks ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>
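A hardened variant of the virtual host above, added here as an example and not part of the original notes. It assumes httpd 2.4 built against OpenSSL 1.0.1 or later and keeps the page's placeholder names and paths; the cipher list is one reasonable choice, not the author's.

```apache
<VirtualHost *:443>
    ServerAdmin zf@localhost
    ServerName xxxxxygzc.com
    DocumentRoot "/var/www/xxxx/public"

    SSLEngine on

    # Page value: SSLProtocol all -SSLv2 -SSLv3
    # That still negotiates TLS 1.0 and TLS 1.1. Dropping them leaves
    # TLS 1.2, plus TLS 1.3 where the httpd/OpenSSL build supports it.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    # Page value: SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
    # "3DES" explicitly re-adds a 64-bit block cipher (Sweet32), and HIGH
    # also admits CBC suites and static-RSA key exchange (no forward secrecy).
    # Assumed replacement: ECDHE key exchange with AEAD ciphers only.
    # Names the local OpenSSL does not recognise are skipped.
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder on

    # The private key should be readable by root only (mode 0600).
    SSLCertificateFile /etc/httpd/certzf/xxxx.com_public.crt
    SSLCertificateKeyFile /etc/httpd/certzf/xxxx.com.key
    # Deprecated from httpd 2.4.8 on, where the chain can instead be
    # appended to the file named by SSLCertificateFile.
    SSLCertificateChainFile /etc/httpd/certzf/xxxx.com_chain.crt

    <Directory "/var/www/xxx/public">
        Options FollowSymLinks ExecCGI
        AllowOverride All
        # httpd 2.4 access control only; the 2.2-style "Order"/"Allow"
        # lines (mod_access_compat) are dropped rather than mixed in.
        Require all granted
    </Directory>
</VirtualHost>
```

Run `apachectl configtest` after editing and before `systemctl restart httpd.service`, so a typo in a certificate path or cipher string is caught while the old configuration is still serving.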