很多理论知识这里就不提了,如果要深入了解建议先去了解下理论再来看会很容易看懂,下面直接操了。
环境:
CentOS release 6.8 (Final)
apache-2.4.25
1、查看现有apache是否有编译安装过ssl模块
/usr/local/apache/bin/apachectl -l
2、没有的话需要添加ssl模块,apache是以嵌入的方式添加模块的
/usr/local/apache/bin/apxs -i -c -a -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl /usr/local/apache/bin/apxs -c -i mod_ssl.c /usr/local/apache/bin/apxs -c -i mod_ssl.lo ll /usr/local/apache/modules | grep ssl
3、开启ssl扩展功能
sed -i 's/\#Include conf\/extra\/httpd-ssl.conf/Include conf\/extra\/httpd-ssl.conf/' /usr/local/apache/conf/httpd.conf sed -n '140p' /usr/local/apache/conf/httpd.conf LoadModule ssl_module modules/mod_ssl.so
4、生成不可信任额证书,公钥加密,私钥解密。私钥加密,公钥解密
生成服务器私钥
openssl genrsa -des3 -out server.key 2048
生成服务器证书请求,并按照要求填写相关证书信息
openssl req -new -key server.key -out server.csr
签证:
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
5、修改虚拟主机
sed -n '22,33p' /usr/local/apache/conf/extra/httpd-vhosts.conf # <VirtualHost *:443> ServerAdmin 1009422178@qq.com DocumentRoot "/var/www/html" ServerName www.www.fangqiweb.org ServerAlias www.fangqi.web.org SSLEngine on SSLCertificateFile /usr/local/apache/conf/server.crt SSLCertificateKeyFile /usr/local/apache/conf/server.key ErrorLog "logs/error/www-error_log" CustomLog "|/usr/local/sbin/cronolog /service/apache/logs/access/www-%Y%m%d_log" combined </VirtualHost>
6、添加监听端口
sed -i '53a\Listen 443' httpd.conf
7、检查语法,重启apache
/usr/local/apache/bin/apachectl -t /usr/local/apache/bin/apachectl restart
8、测试访问
9、如果访问不了
防火墙是否允许了https通过
vhost配置文件是否配置错误
apache的主配置文件是否有错误,或者缺少vhost里的目录位置信息
apache的监听端口是否开启
apache是否有正确添加ssl模块
常见错误:
/usr/local/apache/bin/apachectl -t
httpd: Syntax error on line 141 of /usr/local/apache-2.4.25/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: /usr/local/apache-2.4.25/modules/mod_ssl.so: undefined symbol: ssl_cmd_SSLPassPhraseDialog
解决:
/usr/local/apache/bin/apxs -a -i -c -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl
