SSL Certificate Installation Procedure
Step 1: Install mod_ssl

    [root@300second ~]# yum -y install mod_ssl

Step 2: Configure mod_ssl on the HTTP server

[1] Create the server key

    [root@300second ~]# cd /etc/pki/tls/certs/   ← change to the TLS certificate directory used by the HTTP server configuration
    [root@300second certs]# make server.key   ← create the server key
    umask 77 ; \
    /usr/bin/openssl genrsa -des3 1024 > server.key
    Generating RSA private key, 1024 bit long modulus
    ................++++++
    ......++++++
    e is 65537 (0x10001)
    Enter pass phrase:   ← enter a passphrase here
    Verifying - Enter pass phrase:   ← enter the passphrase again to confirm
    [root@300second certs]# openssl rsa -in server.key -out server.key   ← remove the passphrase from the key (so the passphrase is not requested when the system starts)
    Enter pass phrase for server.key:   ← enter the passphrase
    writing RSA key

[2] Create the server certificate signing request (CSR), which carries the public key

    [root@300second certs]# make server.csr   ← create the certificate signing request
    umask 77 ; \
    /usr/bin/openssl req -utf8 -new -key server.key -out server.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [GB]:CN   ← enter the country code
    State or Province Name (full name) [Berkshire]:Fujian   ← enter the province name
    Locality Name (eg, city) [Newbury]:Quanzhou   ← enter the city name
    Organization Name (eg, company) [My Company Ltd]:   ← enter the organization name (anything)
    Organizational Unit Name (eg, section) []:   ← leave empty, just press Enter
    Common Name (eg, your name or your server's hostname) []:   ← enter a common name (anything)
    Email Address []:300second@163.com   ← enter the e-mail address

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:   ← leave empty, just press Enter
    An optional company name []:   ← leave empty, just press Enter

[3] Create the server certificate

    [root@300second certs]# openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365   ← create the (self-signed) server certificate
    Signature ok
    subject=/C=CN/ST=Fujian/L=Quanzhou/O=/CN=/emailAddress=300second@163.com
    Getting Private key
    [root@300second certs]# chmod 400 server.*
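
As an added example (not part of the original walkthrough), the script below audits the key file produced above: it checks that the mode set by chmod 400 still holds, reports whether the passphrase was stripped, and flags RSA keys shorter than 2048 bits, such as the 1024-bit key in the transcript. The function names and the MIN_BITS threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the private key created in step [1] above.
# MIN_BITS is an assumption of this example (2048 is the usual RSA minimum today).
MIN_BITS=2048

# Extract the modulus size from `openssl rsa -noout -text` output on stdin.
# Handles "Private-Key: (1024 bit)" and "RSA Private-Key: (2048 bit, 2 primes)".
bits_from_text() {
    sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# True if the PEM file is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() {
    grep -Eq -e '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# True if group and other have no permissions at all (e.g. 400 or 600).
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print findings for one key file; returns non-zero if any WARN was raised.
audit_key() {
    key=$1; rc=0
    key_mode_ok "$key" || { echo "WARN: $key is accessible to group/other"; rc=1; }
    if key_is_encrypted "$key"; then
        echo "INFO: $key is passphrase-protected; key size not checked"
        return "$rc"
    fi
    echo "NOTE: $key has no passphrase; file permissions are its only protection"
    bits=$(openssl rsa -in "$key" -noout -text 2>/dev/null | bits_from_text)
    if [ -z "$bits" ]; then
        echo "WARN: could not read an RSA key from $key"; rc=1
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WARN: RSA key is $bits bits, below $MIN_BITS"; rc=1
    fi
    return "$rc"
}

# Runs only when a key path is given, e.g. /etc/pki/tls/certs/server.key
if [ "$#" -gt 0 ]; then audit_key "$1"; fi
```

Run it as root with the key path as the only argument; a key generated exactly as in the transcript is reported as unencrypted and below the size threshold.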