很多理论知识这里就不提了,如果要深入了解建议先去了解下理论再来看会很容易看懂,下面直接操了。
环境:
CentOS release 6.8 (Final)
apache-2.4.25
1、查看现有apache是否有编译安装过ssl模块
/usr/local/apache/bin/apachectl-l
2、没有的话需要添加ssl模块,apache是以嵌入的方式添加模块的
/usr/local/apache/bin/apxs-i-c-a-L/usr/lib64/openssl/engines/lib-c*.c-lcrypto-lssl-ldl /usr/local/apache/bin/apxs-c-imod_ssl.c /usr/local/apache/bin/apxs-c-imod_ssl.lo ll/usr/local/apache/modules|grepssl
3、开启ssl扩展功能
sed-i's/\#Includeconf\/extra\/httpd-ssl.conf/Includeconf\/extra\/httpd-ssl.conf/'/usr/local/apache/conf/httpd.conf sed-n'140p'/usr/local/apache/conf/httpd.conf LoadModulessl_modulemodules/mod_ssl.so
4、生成不可信任额证书,公钥加密,私钥解密。私钥加密,公钥解密
生成服务器私钥
opensslgenrsa-des3-outserver.key2048
生成服务器证书请求,并按照要求填写相关证书信息
opensslreq-new-keyserver.key-outserver.csr
签证:
opensslx509-req-days3650-inserver.csr-signkeyserver.key-outserver.crt
5、修改虚拟主机
sed-n'22,33p'/usr/local/apache/conf/extra/httpd-vhosts.conf # <VirtualHost*:443> ServerAdmin1009422178@qq.com DocumentRoot"/var/www/html" ServerNamewww.www.fangqiweb.org ServerAliaswww.fangqi.web.org SSLEngineon SSLCertificateFile/usr/local/apache/conf/server.crt SSLCertificateKeyFile/usr/local/apache/conf/server.key ErrorLog"logs/error/www-error_log" CustomLog"|/usr/local/sbin/cronolog/service/apache/logs/access/www-%Y%m%d_log"combined </VirtualHost>
6、添加监听端口
sed-i'53a\Listen443'httpd.conf
7、检查语法,重启apache
/usr/local/apache/bin/apachectl-t /usr/local/apache/bin/apachectlrestart
8、测试访问
9、如果访问不了
防火墙是否允许了https通过
apache的主配置文件是否有错误,或者缺少vhost里的目录位置信息
apache的监听端口是否开启
apache是否有正确添加ssl模块
常见错误:
/usr/local/apache/bin/apachectl -t
httpd: Syntax error on line 141 of /usr/local/apache-2.4.25/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: /usr/local/apache-2.4.25/modules/mod_ssl.so: undefined symbol: ssl_cmd_SSLPassPhraseDialog
解决:
/usr/local/apache/bin/apxs -a -i -c -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl
原文链接:https://www.f2er.com/centos/376990.html