1 Apache配置
1.1 mod_ssl.so
取消 #LoadModule ssl_module modules/mod_ssl.so前面的#号
1.2 查看是否有以下模块 ssl_module
<IfModule ssl_module>
#Include conf/extra/httpd-ssl.conf
Include conf/extra/httpd-ahssl.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
1.3 打开配置文件httpd_ssl.conf,修改以下代码:
# https的端口
Listen 10443
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLProxyCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 添加 SSL 协议支持协议,去掉不安全的协议
SSLProtocol all all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
<VirtualHost *:10443> # 配置virtualhost
SSLEngine on
ServerName www.abc.com # 改成自己域名
# 证书公钥配置
SSLCertificateFile "E:/Server/Apache24/cert/public.pem" //改成自己的路径
# 证书私钥配置
SSLCertificateKeyFile "E:/Server/Apache24/cert/******.key" //改成自己的路径
# 证书链配置,如果该属性开头有 '#'字符,请删除掉
SSLCertificateChainFile "E:/Server/Apache24/cert/chain.pem" //改成自己的路径
DocumentRoot "E:/Website/www.abc.com" //改成自己的路径
# DocumentRoot access handled globally in httpd.conf
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "E:/Website/www.abc.com"> //改成自己的路径
Options Includes FollowSymLinks
AllowOverride AuthConfig Limit FileInfo
Require all granted
</Directory>
</virtualhost>
这样就配置好了,可以去试试:https://www.abc.com:10443接下来设置跳转:
2、 Nginx配置,Server中添加ssl配置,配置如下:
server {
listen 8055;
listen 10430 ssl; # 注意这是nginx高版本的配置方法
server_name moyu.nxycsw.cn;
ssl_certificate F:/development/nginx-1.16.1/cert/ssl.pem;
ssl_certificate_key F:/development/nginx-1.16.1/cert/ssl.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
server_name moyu.nxycsw.cn;
}