1. OpenSSL
tar zxvf openssl-1.0.0.tar.gz
cd openssl-1.0.0
./config --prefix=/usr/local
make
make install
cd ../
2. Apache Httpd
tar zxvf httpd-2.4.6.tar.gz
cd httpd-2.4.6
./configure --prefix=/usr/local/apache --enable-ssl=static --with-ssl=/usr/local/ssl --with-included-apr
make
make install
cd ../
3.制作证书
cp ssl.ca-0.1.tar.gz /usr/local/apache/conf
cd /usr/local/apache/conf
tar zxvf ssl.ca-0.1.tar.gz
cd ssl.ca-0.1
./new-root-ca.sh
Enter pass phrase for ca.key: (输入一个密码)
Verifying - Enter pass phrase for ca.key: (再输入一次密码)
......
Self-sign the root CA... (签署根证书)
Enter pass phrase for ca.key: (输入刚刚设置的密码)
........
........ (下面开始签署)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:HENAN //随你喜欢
Locality Name (eg, city) [Sitiawan]:ZHENGZHOU //随你喜欢
Organization Name (eg, company) [My Directory Sdn Bhd]:ZIV //随你喜欢
Organizational Unit Name (eg, section) [Certification Services Division]:ZIV //随你喜欢
Common Name (eg, MD Root CA) []:IP地址/ /随你喜欢
Email Address []:ZIV@gmail.com //随你喜欢
这样就生成了ca.key和ca.crt两个文件,下面还要为我们的服务器生成一个证书:
./new-server-cert.sh server (这个证书的名字是server)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:HENAN
Locality Name (eg, city) [Sitiawan]: ZHENGZHOU
Organization Name (eg, company) [My Directory Sdn Bhd]:ZIV
Organizational Unit Name (eg, section) [Secure Web Server]:ZIV
Common Name (eg, www.domain.com) []:www.wap.com
Email Address []:ZIV@gmail.com
这样就生成了server.csr和server.key这两个文件。
./sign-server-cert.sh server
Enter pass phrase for ./ca.key: (输入上面设置的根证书密码)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
chmod 400 server.key
cd ..
mkdir ssl.key
mv ssl.ca-0.1/server.key ssl.key
mkdir ssl.crt
mv ssl.ca-0.1/server.crt ssl.crt
cd /usr/local/apache
修改
/usr/local/apache/conf/httpd.conf
的内容
Include conf/extra/httpd-ssl.conf
ServerName 10.131.98.163:80
修改
/usr/local/apache/conf/extra/httpd-ssl.conf
的内容
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.ca-0.1/ca.key"
SSLCertificateFile "/usr/local/apache/conf/ssl.ca-0.1/ca.crt"
./apachectl -k start -DSSL
输入密码
tar zxvf openssl-1.0.0.tar.gz
cd openssl-1.0.0
./config --prefix=/usr/local
make
make install
cd ../
2. Apache Httpd
tar zxvf httpd-2.4.6.tar.gz
cd httpd-2.4.6
./configure --prefix=/usr/local/apache --enable-ssl=static --with-ssl=/usr/local/ssl --with-included-apr
make
make install
cd ../
3.制作证书
cp ssl.ca-0.1.tar.gz /usr/local/apache/conf
cd /usr/local/apache/conf
tar zxvf ssl.ca-0.1.tar.gz
cd ssl.ca-0.1
./new-root-ca.sh
Enter pass phrase for ca.key: (输入一个密码)
Verifying - Enter pass phrase for ca.key: (再输入一次密码)
......
Self-sign the root CA... (签署根证书)
Enter pass phrase for ca.key: (输入刚刚设置的密码)
........
........ (下面开始签署)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:HENAN //随你喜欢
Locality Name (eg, city) [Sitiawan]:ZHENGZHOU //随你喜欢
Organization Name (eg, company) [My Directory Sdn Bhd]:ZIV //随你喜欢
Organizational Unit Name (eg, section) [Certification Services Division]:ZIV //随你喜欢
Common Name (eg, MD Root CA) []:IP地址/ /随你喜欢
Email Address []:ZIV@gmail.com //随你喜欢
这样就生成了ca.key和ca.crt两个文件,下面还要为我们的服务器生成一个证书:
./new-server-cert.sh server (这个证书的名字是server)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:HENAN
Locality Name (eg, city) [Sitiawan]: ZHENGZHOU
Organization Name (eg, company) [My Directory Sdn Bhd]:ZIV
Organizational Unit Name (eg, section) [Secure Web Server]:ZIV
Common Name (eg, www.domain.com) []:www.wap.com
Email Address []:ZIV@gmail.com
这样就生成了server.csr和server.key这两个文件。
./sign-server-cert.sh server
Enter pass phrase for ./ca.key: (输入上面设置的根证书密码)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
chmod 400 server.key
cd ..
mkdir ssl.key
mv ssl.ca-0.1/server.key ssl.key
mkdir ssl.crt
mv ssl.ca-0.1/server.crt ssl.crt
cd /usr/local/apache
修改
/usr/local/apache/conf/httpd.conf
的内容
Include conf/extra/httpd-ssl.conf
ServerName 10.131.98.163:80
修改
/usr/local/apache/conf/extra/httpd-ssl.conf
的内容
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.ca-0.1/ca.key"
SSLCertificateFile "/usr/local/apache/conf/ssl.ca-0.1/ca.crt"
./apachectl -k start -DSSL
输入密码