1. apache2可直接用命令安装

sudo apt-get install apache2

2. 启用 ssl 模块

sudoa2enmodssl

3.安装openssl

sudoapt-getinstallopenssl

4.创建CA签名(不使用密码去除-des3选项)

opensslgenrsa-des3-outserver.key1024

5.创建CSR(Certificate Signing Request)

opensslreq-new-keyserver.key-outserver.csr

6.自己签发证书

opensslx509-req-days365-inserver.csr-signkeyserver.key-outserver.crt

7.复制到相应目录

sudocpserver.crt/etc/ssl/certs

sudocpserver.key/etc/ssl/private

8.修改配置文件

sudocp/etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/001-ssl.conf

sudo nano001-ssl.conf

在<VirtualHost *:80>段中，DocumentRoot一行的下方加入内容：

SSLEngineOn

SSLOptions+StrictRequire

SSLCertificateFile/etc/ssl/certs/server.crt

SSLCertificateKeyFile/etc/ssl/private/server.key

端口修改为：443，即<VirtualHost *:443>(ssl的端口)

9.重启apache

sudo/etc/init.d/apache2force-reload

sudo/etc/init.d/apache2restart

10. 亲测 https://ip 打开成功。