Ubuntu下为Apache配置ssl

1. 启用 ssl 模块

vi /usr/local/apache/conf/httpd.conf ，查找httpd-ssl将前面的#去掉。

2.安装openssl

sudo apt-get install openssl

3. 创建CA签名(不使用密码去除-des3选项)

openssl genrsa -des3 -out server.key 1024

4. 创建CSR(Certificate Signing Request)

openssl req -new -key server.key -out server.csr

5. 自己签发证书

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

6. 复制到相应目录

sudo cp server.crt /etc/ssl/certs  
sudo cp server.key /etc/ssl/private

7.然后再执行：
cat >/usr/local/apache/conf/extra/httpd-ssl.conf<Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

SSLMutex "file:/usr/local/apache/logs/ssl_mutex"

SSLStrictSNIVHostCheck on
NameVirtualHost *:443
EOF

8.  修改配置文件

vi  /usr/local/apache/conf/extra/httpd-vhosts.conf

加入下列代码：

#php_admin_value open_basedir "/home/wwwroot/default:/tmp/:/var/tmp/:/proc/"
SSLStrictSNIVHostCheck off
DocumentRoot "/home/wwwroot/default" //项目目录
ServerName cyntec.cn //域名
ServerAdmin 111111@outlook.com //邮箱
ErrorLog "/home/wwwlogs/IP-error_log"
CustomLog "/home/wwwlogs/IP-access_log" combined
SSLEngine on
SSLCertificateFile /home/home/crt/2_cyntec.cn.crt //证书目录
SSLCertificateKeyFile /home/home/key/3_cyntec.cn.key //证书目录
//项目目录
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.html index.php

重启 /etc/init.d/httpd restart

如果你想让你的用户访问你的webapp时只使用安全的HTTPS协议，而不是没加密过的HTTP协议，可以这样配置Apache：


在里面加入如下内容：


RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]