vi /usr/local/apache/conf/httpd.conf
查找包含 httpd-ssl 的那一行(Include conf/extra/httpd-ssl.conf),将行首的 # 去掉以启用该配置。
2.安装openssl
sudo apt-get install openssl
3. 创建CA签名(此命令实际生成的是服务器私钥 server.key;如不想给私钥设置密码,去掉 -des3 选项。带密码的私钥在 Apache 每次启动时都需要输入口令)
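# Generate the server's RSA private key. A 1024-bit modulus is too short for
# TLS today and is rejected by current clients, so use at least 2048 bits.
# -des3 encrypts the key file with a passphrase; drop it for an unencrypted key.
openssl genrsa -des3 -out server.key 2048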
4. 创建CSR(Certificate Signing Request)
# Create a certificate signing request from server.key. The command prompts
# for the subject fields; the Common Name should be the site's host name (the
# ServerName of the virtual host), otherwise clients report a name mismatch.
openssl req -new -key server.key -out server.csr
5. 自己签发证书
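# Self-sign the CSR with the server's own key, valid for 365 days.
# -sha256 is given explicitly because older OpenSSL releases sign with SHA-1
# by default, which current clients no longer accept.
# A self-signed certificate is not trusted by browsers and, as generated here,
# carries no subjectAltName: use it for testing and install a CA-issued
# certificate in production.
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt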
6. 复制到相应目录
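# The certificate is public, so world-readable permissions are fine.
sudo install -m 644 server.crt /etc/ssl/certs/
# The private key must be readable by root only. A plain cp would create the
# copy with root's umask (typically 022), leaving the key world-readable.
sudo install -m 600 -o root -g root server.key /etc/ssl/private/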
7.然后再执行
# Overwrite extra/httpd-ssl.conf with the global mod_ssl settings below
# (the previous contents of the file are lost).
# NOTE(review): "SSLProtocol all -SSLv2 -SSLv3" still leaves TLS 1.0 and 1.1
# enabled; where the installed Apache/OpenSSL support it, restrict the list to
# TLS 1.2 and newer. Confirm against the server version before changing.
# NOTE(review): SSLMutex and NameVirtualHost are Apache 2.2 directives. On
# Apache 2.4 SSLMutex is replaced by Mutex and NameVirtualHost is no longer
# needed. Confirm which version is installed.
# SSLPassPhraseDialog builtin means a passphrase-protected key is prompted for
# on the terminal at every start.
cat >/usr/local/apache/conf/extra/httpd-ssl.conf<<EOF
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProxyCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLProtocol all -SSLv2 -SSLv3
SSLProxyProtocol all -SSLv2 -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/usr/local/apache/logs/ssl_mutex"
SSLStrictSNIVHostCheck on
NameVirtualHost *:443
EOF
8. 修改配置文件
vi /usr/local/apache/conf/extra/httpd-vhosts.conf
加入下列代码:
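<VirtualHost *:443>
#php_admin_value open_basedir "/home/wwwroot/default:/tmp/:/var/tmp/:/proc/"
SSLStrictSNIVHostCheck off
# Apache has no trailing-comment syntax: text after a directive's value is
# parsed as an extra argument, so each annotation sits on its own "#" line.
# Project directory
DocumentRoot "/home/wwwroot/default"
# Domain name; it must match the host name in the certificate
ServerName cyntec.cn
# Administrator e-mail
ServerAdmin 111111@outlook.com
ErrorLog "/home/wwwlogs/IP-error_log"
CustomLog "/home/wwwlogs/IP-access_log" combined
SSLEngine on
# Certificate and private-key paths. To use the self-signed pair copied in
# step 6, point these at /etc/ssl/certs/server.crt and
# /etc/ssl/private/server.key instead. The key file should be readable by
# root only.
SSLCertificateFile /home/home/crt/2_cyntec.cn.crt
SSLCertificateKeyFile /home/home/key/3_cyntec.cn.key
# Project directory
<Directory "/home/wwwroot/default">
# NOTE(review): compressing HTTPS responses that mix secrets with reflected
# request data is what BREACH-class attacks rely on; consider limiting DEFLATE
# to static content.
SetOutputFilter DEFLATE
Options FollowSymLinks
AllowOverride All
# NOTE(review): Order/Allow is Apache 2.2 access-control syntax; on 2.4
# without mod_access_compat the equivalent is "Require all granted".
Order allow,deny
Allow from all
# File names are case-sensitive on Linux, hence index.php rather than index.PHP
DirectoryIndex index.html index.php
</Directory>
</VirtualHost>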
重启(重启前建议先用 apachectl configtest 检查配置语法,避免因配置错误导致服务无法启动)
/etc/init.d/httpd restart
如果你想让你的用户访问你的webapp时只使用安全的HTTPS协议,而不是没加密过的HTTP协议,可以这样配置Apache:
在<Virtualhost *:80>里面加入如下内容:
# Send every plain-HTTP request to the same host and path over HTTPS.
# NOTE(review): [R] without a status code issues a temporary 302 redirect;
# [R=301,L] makes it permanent.
# NOTE(review): %{HTTP_HOST} is taken from the client's Host header; writing
# the site's own name (the ServerName) in the target avoids redirecting to a
# caller-supplied host.
# A redirect does not protect the first plain-HTTP request; a
# Strict-Transport-Security (HSTS) header on the HTTPS vhost covers later visits.
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]