1. Enable the ssl module
sudo a2enmod ssl
2. Install openssl
sudo apt-get install openssl
3. Generate the private key used for signing (omit the -des3 option if you do not want a passphrase)
# 2048-bit RSA key; 1024-bit RSA keys are no longer considered secure
openssl genrsa -des3 -out server.key 2048
4. Create the CSR (Certificate Signing Request)
openssl req -new -key server.key -out server.csr
5. Self-sign the certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
6. Copy the files to the appropriate directories
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
7. Edit the configuration file
sudo cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/001-ssl
sudo vim /etc/apache2/sites-enabled/001-ssl
Inside the <VirtualHost *:80> section, add the following below the DocumentRoot line:
SSLEngine On
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
Change the port to 443, i.e. <VirtualHost *:443> (the SSL port).
A working backup copy, 000-ssl:
<VirtualHost *:443>
    SSLEngine On
    SSLOptions +StrictRequire
    # Certificate and key locations match the copy targets in step 6
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>
8. Restart Apache
sudo /etc/init.d/apache2 force-reload
sudo /etc/init.d/apache2 restart
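Before the restart in step 8 it is worth confirming that the key and certificate from steps 3 to 6 actually belong together, that the key is large enough, and that the key file is not readable by other users. The script below is an added example, not part of the original post; the function names and the 2048-bit threshold are assumptions of this example, and it relies on GNU stat as shipped with Ubuntu.

```bash
#!/bin/sh
# Added example (not from the original page): sanity-check the key and
# certificate produced in steps 3-6. Paths are passed as arguments.

# Does the certificate carry the public key that belongs to this private key?
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout)
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey)
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Key size in bits as recorded in the certificate (the page uses RSA keys).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# True when group and other have no permission bits on the key file.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as on Ubuntu
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Run every check; print each problem and return non-zero if any failed.
check_pair() {
    key=$1; crt=$2; rc=0
    pair_matches "$key" "$crt" ||
        { echo "FAIL: $crt does not belong to $key"; rc=1; }
    bits=$(cert_key_bits "$crt")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "FAIL: RSA key is ${bits:-unknown} bits, want at least 2048"; rc=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or other users"; rc=1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: $crt has expired"; rc=1; }
    return $rc
}

# Example: sudo sh check.sh /etc/ssl/private/server.key /etc/ssl/certs/server.crt
if [ $# -eq 2 ]; then
    check_pair "$1" "$2" && echo "OK: key and certificate are consistent"
fi
```

If the key was created with -des3, openssl asks for the passphrase when the script reads it.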
Redirect HTTP to HTTPS
/etc/apache2/sites-available/default
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /var/www/>
        # Redirect every plain-HTTP request to the same path over HTTPS.
        # Requires mod_rewrite (sudo a2enmod rewrite).
        RewriteEngine on
        RewriteCond %{HTTPS} !=on
        RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]
        Options Indexes FollowSymLinks MultiViews
        AllowOverride all
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>