本文档详细记录了在Apache服务器上配置SSL证书时遇到的'Invalid command 'SSLCipherSuite''错误的解决过程。主要步骤包括确认Apache版本,下载对应版本的mod_ssl模块,编译并安装该模块,最终成功启用HTTPS服务。
开始之前的话:
1.配置好服务器防火墙的443端口规则;
2.购买好证书文件,我是沃通证书,准备好证书,这里不演示证书的购买和安装。
3.我的apache是编译安装的,文件目录在/usr/local/apache 按照以上文档设置后发现是缺少mod-ssl.so这个模块的。所以我设置好配置文件后重启服务直接报错
[root@www bin]# ./apachectl -k restart
Syntax error on line 60 of /usr/local/apache/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
查阅资料发现也的确是这个模块未安装,因为是编译安装的,所以只能下载对应的版本文件上传编译安装这个模块
5.查找自己的apache版本:
[root@www bin]# ./apachectl -v
Server version: Apache/2.2.34 (Unix)
Server built: Aug 4 2017 04:25:09
是apache/2.2.34版本,
去官网下载对应的版本httpd2.2.34.tar.gz
7.解压下载的版本文件 将modules下的loggers,ssl两个文件【一定是两个文件否则出错】放到服务器端apache的modules下
[root@www apache]# cd modules/ [root@www modules]# ls ##这里是没有要上传的两个文件目录
httpd.exp mod_authn_dbd.so mod_authz_owner.so mod_deflate.so mod_ident.so mod_mime.so mod_suexec.so
libphp5.so mod_authn_dbm.so mod_authz_user.so mod_dir.so mod_imagemap.so mod_negotiation.so mod_unique_id.so
mod_actions.so mod_authn_default.so mod_autoindex.so mod_dumpio.so mod_include.so mod_reqtimeout.so mod_userdir.so
mod_alias.so mod_authn_file.so mod_cern_meta.so mod_env.so mod_info.so mod_rewrite.so mod_usertrack.so
mod_asis.so mod_authz_dbm.so mod_cgi.so mod_expires.so mod_log_config.so mod_setenvif.so mod_version.so
mod_auth_basic.so mod_authz_default.so mod_dav_fs.so mod_ext_filter.so mod_log_forensic.so mod_speling.so mod_vhost_alias.so
mod_auth_digest.so mod_authz_groupfile.so mod_dav.so mod_filter.so mod_logio.so mod_status.so
mod_authn_anon.so mod_authz_host.so mod_dbd.so mod_headers.so mod_mime_magic.so mod_substitute.so
[root@www modules]# ll ###在这个文件目录下也没有所需的mod_ssl.so模块
total 39248
-rw-r--r-- 1 root root 9377 Aug 4 2017 httpd.exp -rwxr-xr-x 1 root root 37156191 Aug 4 2017 libphp5.so
drwxr-xr-x 2 root root 4096 Jul 1 15:32 loggers ##上传好的文件 -rwxr-xr-x 1 root root 29682 Aug 4 2017 mod_actions.so -rwxr-xr-x 1 root root 42461 Aug 4 2017 mod_alias.so -rwxr-xr-x 1 root root 26746 Aug 4 2017 mod_asis.so -rwxr-xr-x 1 root root 31555 Aug 4 2017 mod_auth_basic.so -rwxr-xr-x 1 root root 75321 Aug 4 2017 mod_auth_digest.so -rwxr-xr-x 1 root root 28015 Aug 4 2017 mod_authn_anon.so -rwxr-xr-x 1 root root 33221 Aug 4 2017 mod_authn_dbd.so -rwxr-xr-x 1 root root 28936 Aug 4 2017 mod_authn_dbm.so -rwxr-xr-x 1 root root 25020 Aug 4 2017 mod_authn_default.so -rwxr-xr-x 1 root root 29331 Aug 4 2017 mod_authn_file.so -rwxr-xr-x 1 root root 32931 Aug 4 2017 mod_authz_dbm.so -rwxr-xr-x 1 root root 25082 Aug 4 2017 mod_authz_default.so -rwxr-xr-x 1 root root 32860 Aug 4 2017 mod_authz_groupfile.so -rwxr-xr-x 1 root root 32531 Aug 4 2017 mod_authz_host.so -rwxr-xr-x 1 root root 28441 Aug 4 2017 mod_authz_owner.so -rwxr-xr-x 1 root root 27019 Aug 4 2017 mod_authz_user.so -rwxr-xr-x 1 root root 96568 Aug 4 2017 mod_autoindex.so -rwxr-xr-x 1 root root 31153 Aug 4 2017 mod_cern_meta.so -rwxr-xr-x 1 root root 73833 Aug 4 2017 mod_cgi.so -rwxr-xr-x 1 root root 185754 Aug 4 2017 mod_dav_fs.so -rwxr-xr-x 1 root root 345418 Aug 4 2017 mod_dav.so -rwxr-xr-x 1 root root 56796 Aug 4 2017 mod_dbd.so -rwxr-xr-x 1 root root 71840 Aug 4 2017 mod_deflate.so -rwxr-xr-x 1 root root 31959 Aug 4 2017 mod_dir.so -rwxr-xr-x 1 root root 31867 Aug 4 2017 mod_dumpio.so -rwxr-xr-x 1 root root 28846 Aug 4 2017 mod_env.so -rwxr-xr-x 1 root root 37566 Aug 4 2017 mod_expires.so -rwxr-xr-x 1 root root 60673 Aug 4 2017 mod_ext_filter.so -rwxr-xr-x 1 root root 48974 Aug 4 2017 mod_filter.so -rwxr-xr-x 1 root root 55132 Aug 4 2017 mod_headers.so -rwxr-xr-x 1 root root 33238 Aug 4 2017 mod_ident.so -rwxr-xr-x 1 root root 47520 Aug 4 2017 mod_imagemap.so -rwxr-xr-x 1 root root 125357 Aug 4 2017 mod_include.so -rwxr-xr-x 1 root root 50893 Aug 4 2017 mod_info.so -rwxr-xr-x 1 root root 83862 Aug 4 2017 mod_log_config.so -rwxr-xr-x 1 root root 35269 Aug 4 2017 mod_log_forensic.so -rwxr-xr-x 1 root root 29510 Aug 4 2017 mod_logio.so -rwxr-xr-x 1 root root 76780 Aug 4 2017 mod_mime_magic.so -rwxr-xr-x 1 root root 51248 Aug 4 2017 mod_mime.so -rwxr-xr-x 1 root root 102460 Aug 4 2017 mod_negotiation.so -rwxr-xr-x 1 root root 41673 Aug 4 2017 mod_reqtimeout.so -rwxr-xr-x 1 root root 164579 Aug 4 2017 mod_rewrite.so -rwxr-xr-x 1 root root 39321 Aug 4 2017 mod_setenvif.so -rwxr-xr-x 1 root root 36386 Aug 4 2017 mod_speling.so -rwxr-xr-x 1 root root 58503 Aug 4 2017 mod_status.so -rwxr-xr-x 1 root root 41166 Aug 4 2017 mod_substitute.so -rwxr-xr-x 1 root root 27954 Aug 4 2017 mod_suexec.so -rwxr-xr-x 1 root root 30111 Aug 4 2017 mod_unique_id.so -rwxr-xr-x 1 root root 31342 Aug 4 2017 mod_userdir.so -rwxr-xr-x 1 root root 37930 Aug 4 2017 mod_usertrack.so -rwxr-xr-x 1 root root 23067 Aug 4 2017 mod_version.so -rwxr-xr-x 1 root root 37708 Aug 4 2017 mod_vhost_alias.so
drwxr-xr-x 2 root root 4096 Jul 1 15:32 ssl ##上传好的文件
8.cd到服务端的modules/ssl目录;执行命令:
apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl -lcrypto -lssl -ldl *.c
即可
[root@www modules]# cd ssl/ [root@www ssl]# ls
config.m4 mod_ssl.mak ssl_engine_dh.c ssl_engine_pphrase.c ssl_expr_parse.c ssl_scache.c ssl_util_ssl.c
Makefile.in NWGNUmakefile ssl_engine_init.c ssl_engine_rand.c ssl_expr_parse.h ssl_scache_dbm.c ssl_util_ssl.h
mod_ssl.c README ssl_engine_io.c ssl_engine_vars.c ssl_expr_parse.y ssl_scache_dc.c
mod_ssl.dep README.dsov.fig ssl_engine_kernel.c ssl_expr.c ssl_expr_scan.c ssl_scache_shmcb.c
mod_ssl.dsp README.dsov.ps ssl_engine_log.c ssl_expr_eval.c ssl_expr_scan.l ssl_toolkit_compat.h
mod_ssl.h ssl_engine_config.c ssl_engine_mutex.c ssl_expr.h ssl_private.h ssl_util.c
[root@www ssl]# apxs -i -c -a -D HAVE_OPENSSL=1 -I /usr/include/openssl -lcrypto -lssl -ldl *.c /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o mod_ssl.lo mod_ssl.c && touch mod_ssl.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_config.lo ssl_engine_config.c && touch ssl_engine_config.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_dh.lo ssl_engine_dh.c && touch ssl_engine_dh.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_init.lo ssl_engine_init.c && touch ssl_engine_init.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_io.lo ssl_engine_io.c && touch ssl_engine_io.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_kernel.lo ssl_engine_kernel.c && touch ssl_engine_kernel.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_log.lo ssl_engine_log.c && touch ssl_engine_log.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_mutex.lo ssl_engine_mutex.c && touch ssl_engine_mutex.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_pphrase.lo ssl_engine_pphrase.c && touch ssl_engine_pphrase.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_rand.lo ssl_engine_rand.c && touch ssl_engine_rand.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_engine_vars.lo ssl_engine_vars.c && touch ssl_engine_vars.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_expr.lo ssl_expr.c && touch ssl_expr.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_expr_eval.lo ssl_expr_eval.c && touch ssl_expr_eval.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_expr_parse.lo ssl_expr_parse.c && touch ssl_expr_parse.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_expr_scan.lo ssl_expr_scan.c && touch ssl_expr_scan.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_scache.lo ssl_scache.c && touch ssl_scache.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_scache_dbm.lo ssl_scache_dbm.c && touch ssl_scache_dbm.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_scache_dc.lo ssl_scache_dc.c && touch ssl_scache_dc.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_scache_shmcb.lo ssl_scache_shmcb.c && touch ssl_scache_shmcb.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_util.lo ssl_util.c && touch ssl_util.slo /usr/local/apache/build/libtool --silent --mode=compile gcc -prefer-pic -DLINUX -D_REENTRANT -D_GNU_SOURCE -g -O2 -pthread -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/local/apache/include -I/usr/include/openssl -DHAVE_OPENSSL=1 -c -o ssl_util_ssl.lo ssl_util_ssl.c && touch ssl_util_ssl.slo /usr/local/apache/build/libtool --silent --mode=link gcc -o mod_ssl.la -lcrypto -lssl -ldl -rpath /usr/local/apache/modules -module -avoid-version ssl_util_ssl.lo ssl_util.lo ssl_scache_shmcb.lo ssl_scache_dc.lo ssl_scache_dbm.lo ssl_scache.lo ssl_expr_scan.lo ssl_expr_parse.lo ssl_expr_eval.lo ssl_expr.lo ssl_engine_vars.lo ssl_engine_rand.lo ssl_engine_pphrase.lo ssl_engine_mutex.lo ssl_engine_log.lo ssl_engine_kernel.lo ssl_engine_io.lo ssl_engine_init.lo ssl_engine_dh.lo ssl_engine_config.lo mod_ssl.lo /usr/local/apache/build/instdso.sh SH_LIBTOOL='/usr/local/apache/build/libtool' mod_ssl.la /usr/local/apache/modules /usr/local/apache/build/libtool --mode=install cp mod_ssl.la /usr/local/apache/modules/ libtool: install: cp .libs/mod_ssl.so /usr/local/apache/modules/mod_ssl.so
libtool: install: cp .libs/mod_ssl.lai /usr/local/apache/modules/mod_ssl.la
libtool: install: cp .libs/mod_ssl.a /usr/local/apache/modules/mod_ssl.a
libtool: install: chmod 644 /usr/local/apache/modules/mod_ssl.a
libtool: install: ranlib /usr/local/apache/modules/mod_ssl.a
libtool: finish: PATH="/usr/local/mysql/bin:/usr/local/php/bin:/usr/local/apache/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/sbin" ldconfig -n /usr/local/apache/modules ---------------------------------------------------------------------- Libraries have been installed in: /usr/local/apache/modules ###库已经安装在这个目录,安装完成
If you ever happen to want to link against installed libraries in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the '-LLIBDIR' flag during linking and do at least one of the following: - add LIBDIR to the 'LD_LIBRARY_PATH' environment variable
during execution - add LIBDIR to the 'LD_RUN_PATH' environment variable
during linking - use the '-Wl,-rpath -Wl,LIBDIR' linker flag - have your system administrator add LIBDIR to '/etc/ld.so.conf' See any operating system documentation about shared libraries for more information, such as the ld(1) and ld.so(8) manual pages. ---------------------------------------------------------------------- chmod 755 /usr/local/apache/modules/mod_ssl.so
[activating module `ssl' in /usr/local/apache/conf/httpd.conf]
9.再次返回modlues目录可以看到已经安装mod_ssl.so
root@www ssl]# cd ..
[root@www modules]# ls
httpd.exp mod_authn_dbd.so mod_authz_user.so mod_dumpio.so mod_info.so mod_setenvif.so mod_version.so
libphp5.so mod_authn_dbm.so mod_autoindex.so mod_env.so mod_log_config.so mod_speling.so mod_vhost_alias.so
loggers mod_authn_default.so mod_cern_meta.so mod_expires.so mod_log_forensic.so mod_ssl.so ssl
mod_actions.so mod_authn_file.so mod_cgi.so mod_ext_filter.so mod_logio.so mod_status.so
mod_alias.so mod_authz_dbm.so mod_dav_fs.so mod_filter.so mod_mime_magic.so mod_substitute.so
mod_asis.so mod_authz_default.so mod_dav.so mod_headers.so mod_mime.so mod_suexec.so
mod_auth_basic.so mod_authz_groupfile.so mod_dbd.so mod_ident.so mod_negotiation.so mod_unique_id.so
mod_auth_digest.so mod_authz_host.so mod_deflate.so mod_imagemap.so mod_reqtimeout.so mod_userdir.so
mod_authn_anon.so mod_authz_owner.so mod_dir.so mod_include.so mod_rewrite.so mod_usertrack.so
10.重启web服务器 ./apachectl -k restart即可 因为我的apache是编译安装的,所以在apache的安装目录下的bin文件目录中执行这个重启命令
[root@www bin]# ./ap
apachectl apr-1-config apu-1-config apxs
[root@www bin]# ./apachectl -k restart
[root@www bin]#
11.查看https已经生效。
扫一扫
8109
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
