Configuring SSL for Apache on Ubuntu

1. Enable the ssl module

vi /usr/local/apache/conf/httpd.conf, find the line containing httpd-ssl and remove the leading #.

2. Install openssl

sudo apt-get install openssl

3. Create the CA signing key (omit the -des3 option if you do not want a passphrase)

openssl genrsa -des3 -out server.key 1024

4. Create the CSR (Certificate Signing Request)

openssl req -new -key server.key -out server.csr

5. Self-sign the certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

6. Copy the files to the appropriate directories

sudo cp server.crt /etc/ssl/certs  
sudo cp server.key /etc/ssl/private


7. Then run:
cat >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

SSLMutex "file:/usr/local/apache/logs/ssl_mutex"

SSLStrictSNIVHostCheck on
NameVirtualHost *:443
EOF

8. Edit the configuration file

vi /usr/local/apache/conf/extra/httpd-vhosts.conf

Add the following:


<VirtualHost *:443>
#php_admin_value open_basedir "/home/wwwroot/default:/tmp/:/var/tmp/:/proc/"
SSLStrictSNIVHostCheck off
# Project directory
DocumentRoot "/home/wwwroot/default"
# Domain name
ServerName cyntec.cn
# E-mail address
ServerAdmin 111111@outlook.com
ErrorLog "/home/wwwlogs/IP-error_log"
CustomLog "/home/wwwlogs/IP-access_log" combined
SSLEngine on
# Certificate path
SSLCertificateFile /home/home/crt/2_cyntec.cn.crt
# Private key path
SSLCertificateKeyFile /home/home/key/3_cyntec.cn.key
# Project directory
<Directory "/home/wwwroot/default">
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html index.php
</Directory>
</VirtualHost>



Restart: /etc/init.d/httpd restart
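
Before the restart, it is worth confirming that the certificate and private key Apache will load belong together and that the key is not undersized. The script below is an added example, not part of the original post: the function names, the 2048-bit MIN_BITS threshold and the 30-day expiry window are assumptions, and it builds a throwaway pair with the commands from steps 3 to 5 (without -des3) so that it runs unattended.

```shell
#!/bin/sh
# Added example: sanity checks for the key and certificate from steps 3 to 6.
# Function names, MIN_BITS and the 30-day window are assumptions, not from the page.
MIN_BITS=${MIN_BITS:-2048}   # assumed minimum acceptable RSA key size

# Steps 3 to 5 run non-interactively (no -des3, so no passphrase prompt).
# $1 = output directory, $2 = key size in bits, $3 = certificate CN.
make_pair() {
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=$3" -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Print the size in bits of a private key, e.g. 2048.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

# Return 0 only if the certificate ($1) carries the public half of the key ($2).
# A passphrase-protected key makes openssl prompt for the passphrase here.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit codes: 0 ok, 2 key/cert mismatch, 3 key too small, 4 expires within 30 days.
check_pair() {
    cert_matches_key "$1" "$2" || return 2
    bits=$(key_bits "$2")
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ] || return 3
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null || return 4
    return 0
}

# Constructed demo input: a throwaway pair in a temporary directory.
demo_dir=$(mktemp -d)
make_pair "$demo_dir" 2048 demo.example.test
if check_pair "$demo_dir/server.crt" "$demo_dir/server.key"; then
    echo "pair OK"
else
    echo "pair rejected, code $?"
fi
rm -rf "$demo_dir"
```

Point check_pair at the files named in SSLCertificateFile and SSLCertificateKeyFile; a key generated with 1024 bits as in step 3 makes it return 3 under the assumed minimum.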


If you want users to reach your webapp only over secure HTTPS rather than unencrypted HTTP, you can configure Apache like this:


Add the following inside:


RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]




