centos下apache配置ssl证书(https)

1,到这里申请免费证书
https://freessl.cn/
2,安装相应模块(如已安装请跳过)
yum install mod_ssl openssl
3,修改apache配置文件
vi conf/httpd.conf
将下面几个取消注释

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf

4,继续修改
vi conf/extra/httpd-ssl.conf

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLProxyCipherSuite EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
SSLHonorCipherOrder on

SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin

SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

Mutex sysvsem default

SSLStrictSNIVHostCheck on

5,修改网站配置文件,这里以宝塔为例。在站点配置中点开默认文件(需要注意的是证书存放目录要写对):


ServerName 23edd8ee.xxx.com
ServerAlias xxx.com www.xxx.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$ 
RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] 



DocumentRoot "/www/wwwroot/xxx.com"
ServerName 23edd8ee.xxx.com
ServerAlias xxx.com:443 www.xxx.com:443
ErrorLog "/www/wwwlogs/xxx.com-error_log"
CustomLog "/www/wwwlogs/xxx.com-access_log" combined
SSLEngine on
SSLCertificateFile "/www/server/apache/cert/full_chain.pem"
SSLCertificateKeyFile /www/server/apache/cert/private.key

    #DENY FILES
    
       Order allow,deny
       Deny from all
    
    
    #PHP
    
            SetHandler "proxy:unix:/tmp/php-cgi-56.sock|fcgi://localhost"
    
    #PATH
    
      SetOutputFilter DEFLATE
      Options FollowSymLinks
      AllowOverride All
      Order allow,deny
      Allow from all
      DirectoryIndex index.html index.php
    

最后,重启apache,访问https站点。
systemctl restart httpd

如果访问不了,重点检查443端口。

你可能感兴趣的:(centos下apache配置ssl证书(https))