CentOS下httpd 2.4.7配置https

通过http协议传输的数据都是明文的，很容易被窃听。很多时候需要在网上传输口令，这个时候就需要对信息进行加密，对HTTP传输进行加密的协议就是HTTPS，它是通过SSL进行HTTP传输的协议。

我们现在已经有了httpd环境，可参考(http://fengwan.blog.51cto.com/508652/1360429)

在编译过程中需要加上参数--enable-ssl

[root@NFSServer httpd-2.4.7] # ./configure \

>--prefix= /webserver/httpd \

>--sysconfdir= /webserver/httpd/conf \

>-- enable -so \

>-- enable -rewirte \

>--enable-ssl \

>-- enable -cgi \

>-- enable -cgid \

>-- enable -modules=most \

>-- enable -modules-shared=most \

>-- enable -mpms-shared=all \

>--with-apr= /webserver/apr \

>--with-apr-util= /webserver/apr-util

1.环境准备

1.openssl安装

1	[root@WebServer ~] # yum -y install openssl openssl-devel

2.创建密码文件

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

[root@WebServer ~] # openssl genrsa -out server.key 1024 [root@WebServer ~] # openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter  '.' , the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:GuangDong Locality Name (eg, city) [Default City]:GuangZhou Organization Name (eg, company) [Default Company Ltd]:Test Organizational Unit Name (eg, section) []:Test Common Name (eg, your name or your server's  hostname ) []:localhost Email Address []:ca Please enter the following  'extra'  attributes to be sent with your certificate request A challenge password []: An optional company name []: [root@WebServer ~] # openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

执行上述命令后将产生3个文件，分别是server.key、server.csr和server.crt ,接着将3个文件复制到/webserver/httpd/conf/ca

1 2	[root@WebServer ~] # mkdir /webserver/httpd/conf/ca/ [root@WebServer ~] # cp -r server.* /webserver/httpd/conf/ca/

3.修改 /webserver/httpd/conf/extra/httpd-ssl.conf

1 2 3 4

[root@WebServer ~] # vim /webserver/httpd/conf/extra/httpd-ssl.conf // 修改一下位置 SSLCertificateFile  "/webserver/httpd/conf/ca/server.crt" SSLCertificateKeyFile  "/webserver/httpd/conf/ca/server.key"

4.修改/webserver/httpd/conf/httpd.conf加载ssl_module和socache_shmcb_module

1 2 3 4

[root@WebServer ~] # vim /webserver/httpd/conf/httpd.conf // 将一下2句前面的 #删除，或者直接将下面这2句加入配置文件 LoadModule socache_shmcb_module modules /mod_socache_shmcb .so LoadModule ssl_module modules /mod_ssl .so

如果没有加载socache_shmcb_module将出现

1 2 3 4 5

[root@WebServer ~] # service httpd restart Stopping httpd:                                            [  OK  ] Starting httpd: AH00526: Syntax error on line 76 of  /webserver/httpd/conf/extra/httpd-ssl .conf: SSLSessionCache:  'shmcb'  session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).                                                             [FAILED]

5.重启httpd服务即可

1 2 3

[root@WebServer ~] # service httpd restart Stopping httpd:                                            [  OK  ] Starting httpd:                                            [  OK  ]

6.测试

本文转自 rong341233 51CTO博客，原文链接:http://blog.51cto.com/fengwan/1363821