ubuntu 12.04 安装ssl 自签名证书

最新推荐文章于 2023-03-03 23:31:32 发布

LazyCat--懒猫

最新推荐文章于 2023-03-03 23:31:32 发布

阅读量2.8k

点赞数

分类专栏： Linux上服务器

本文链接：https://blog.csdn.net/xl4025/article/details/50156355

版权

Linux上服务器专栏收录该内容

19 篇文章 0 订阅

订阅专栏

1. 启用 ssl 模块
[plain] view plaincopyprint?
sudo a2enmod ssl

2. 安装openssl
[plain] view plaincopyprint?
sudo apt-get install openssl

3. 创建CA签名(不使用密码去除-des3选项)
[plain] view plaincopyprint?
openssl genrsa -des3 -out server.key 1024

4. 创建CSR(Certificate Signing Request)
[plain] view plaincopyprint?
openssl req -new -key server.key -out server.csr

5. 自己签发证书
[plain] view plaincopyprint?
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

6. 复制到相应目录
[plain] view plaincopyprint?
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

7. 修改配置文件
[plain] view plaincopyprint?
sudo cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/001-ssl
sudo vim 001-ssl
在<VirtualHost *:80>段中，DocumentRoot一行的下方加入内容：
[plain] view plaincopyprint?
SSLEngine On
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
端口修改为：443，即<VirtualHost *:443>(ssl的端口)
备份能使用 000-ssl
<VirtualHost *:443>
SSLEngine On
SSLOptions +StrictRequire
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost>

8. 重启apache
[plain] view plaincopyprint?
sudo /etc/init.d/apache2 force-reload
sudo /etc/init.d/apache2 restart
把http转换为https
/etc/apache2/sites-available/default
<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost>

LazyCat--懒猫

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
ubuntu 12.04 安装ssl 自签名证书

1. 启用 ssl 模块[plain] view plaincopyprint?sudo a2enmod ssl 2. 安装openssl[plain] view plaincopyprint?sudo apt-get install openssl 3. 创建CA签名(不使用密码去除-des3选项)[plain] view plaincopypri
复制链接

扫一扫