怎样在Apache上安装MOD_SSL
apache
作者:sustomer
手工签署证书的方法
虽然在安装MOD_SSL时已经使用 make certificate 命令建立了服务器
的证书签名,但是有时你可能需要改变它。
当然有很多自动的脚本可以实现它,但是最可靠的方法是手工签署
证书。
首先我假定你已经安装好了openssl和MOD_SSL,如果你的openssl安装时
的prefix设置为/usr/local/openssl,那么把/usr/local/openssl/bin加入
执行文件查找路径。还需要MOD_SSL源代码中的一个脚本,它在MOD_SSL的
源代码目录树下的pkg.contrib目录中,文件名为 sign.sh。
将它拷贝到 /usr/local/openssl/bin 中。
先建立一个 CA 的证书,
首先为 CA 创建一个 RSA 私用密钥,
[S-1]
openssl genrsa -des3 -out ca.key 1024
系统提示输入 PEM pass phrase,也就是密码,输入后牢记它。
生成 ca.key 文件,将文件属性改为400,并放在安全的地方。
[S-2]
chmod 400 ca.key
你可以用下列命令查看它的内容,
[S-3]
openssl rsa -noout -text -in ca.key
利用 CA 的 RSA 密钥创建一个自签署的 CA 证书(X.509结构)
[S-4]
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
然后需要输入下列信息:
Country Name: cn 两个字母的国家代号
State or Province Name: An Hui 省份名称
Locality Name: Bengbu 城市名称
Organization Name: Family Network 公司名称
Organizational Unit Name: Home 部门名称
Common Name: Chen Yang 你的姓名
Email Address: sunstorm@263.net Email地址
生成 ca.crt 文件,将文件属性改为400,并放在安全的地方。
[S-5]
chmod 400 ca.crt
你可以用下列命令查看它的内容,
[S-6]
openssl x509 -noout -text -in ca.crt
下面要创建服务器证书签署请求,
首先为你的 Apache 创建一个 RSA 私用密钥:
[S-7]
openssl genrsa -des3 -out server.key 1024
这里也要设定pass phrase。
生成 server.key 文件,将文件属性改为400,并放在安全的地方。
[S-8]
chmod 400 server.key
你可以用下列命令查看它的内容,
[S-9]
openssl rsa -noout -text -in server.key
用 server.key 生成证书签署请求 CSR.
[S-10]
openssl req -new -key server.key -out server.csr
这里也要输入一些信息,和[S-4]中的内容类似。
至于 'extra' attributes 不用输入。
你可以查看 CSR 的细节
[S-11]
openssl req -noout -text -in server.csr
下面可以签署证书了,需要用到脚本 sign.sh
[S-12]
sign.sh server.csr
就可以得到server.crt。
将文件属性改为400,并放在安全的地方。
[S-13]
chmod 400 server.crt
删除CSR
[S-14]
rm server.csr
最后apache设置
如果你的apache编译参数prefix为/usr/local/apache,
那么拷贝server.crt 和 server.key 到 /usr/local/apache/conf
修改httpd.conf
将下面的参数改为:
SSLCertificateFILE /usr/local/apache/conf/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/server.key
可以 apachectl startssl 试一下了。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP Framework Performance Comparison: The Ultimate Showdown of Speed vs. Efficiency
Apr 30, 2024 pm 12:27 PM
According to benchmarks, Laravel excels in page loading speed and database queries, while CodeIgniter excels in data processing. When choosing a PHP framework, you should consider application size, traffic patterns, and development team skills.
Unpatchable Yubico two-factor authentication key vulnerability breaks the security of most Yubikey 5, Security Key, and YubiHSM 2FA devices
Sep 04, 2024 pm 06:32 PM
An unpatchable Yubico two-factor authentication key vulnerability has broken the security of most Yubikey 5, Security Key, and YubiHSM 2FA devices. The Feitian A22 JavaCard and other devices using Infineon SLB96xx series TPMs are also vulnerable.All
How to conduct concurrency testing and debugging in Java concurrent programming?
May 09, 2024 am 09:33 AM
Concurrency testing and debugging Concurrency testing and debugging in Java concurrent programming are crucial and the following techniques are available: Concurrency testing: Unit testing: Isolate and test a single concurrent task. Integration testing: testing the interaction between multiple concurrent tasks. Load testing: Evaluate an application's performance and scalability under heavy load. Concurrency Debugging: Breakpoints: Pause thread execution and inspect variables or execute code. Logging: Record thread events and status. Stack trace: Identify the source of the exception. Visualization tools: Monitor thread activity and resource usage.
How to add a server in eclipse
May 05, 2024 pm 07:27 PM
To add a server to Eclipse, follow these steps: Create a server runtime environment Configure the server Create a server instance Select the server runtime environment Configure the server instance Start the server deployment project
The evasive module protects your website from application layer DOS attacks
Apr 30, 2024 pm 05:34 PM
There are a variety of attack methods that can take a website offline, and the more complex methods involve technical knowledge of databases and programming. A simpler method is called a "DenialOfService" (DOS) attack. The name of this attack method comes from its intention: to cause normal service requests from ordinary customers or website visitors to be denied. Generally speaking, there are two forms of DOS attacks: the third and fourth layers of the OSI model, that is, the network layer attack. The seventh layer of the OSI model, that is, the application layer attack. The first type of DOS attack - the network layer, occurs when a large number of of junk traffic flows to the web server. When spam traffic exceeds the network's ability to handle it, the website goes down. The second type of DOS attack is at the application layer and uses combined
Application of algorithms in the construction of 58 portrait platform
May 09, 2024 am 09:01 AM
1. Background of the Construction of 58 Portraits Platform First of all, I would like to share with you the background of the construction of the 58 Portrait Platform. 1. The traditional thinking of the traditional profiling platform is no longer enough. Building a user profiling platform relies on data warehouse modeling capabilities to integrate data from multiple business lines to build accurate user portraits; it also requires data mining to understand user behavior, interests and needs, and provide algorithms. side capabilities; finally, it also needs to have data platform capabilities to efficiently store, query and share user profile data and provide profile services. The main difference between a self-built business profiling platform and a middle-office profiling platform is that the self-built profiling platform serves a single business line and can be customized on demand; the mid-office platform serves multiple business lines, has complex modeling, and provides more general capabilities. 2.58 User portraits of the background of Zhongtai portrait construction
How to deploy and maintain a website using PHP
May 03, 2024 am 08:54 AM
To successfully deploy and maintain a PHP website, you need to perform the following steps: Select a web server (such as Apache or Nginx) Install PHP Create a database and connect PHP Upload code to the server Set up domain name and DNS Monitoring website maintenance steps include updating PHP and web servers, and backing up the website , monitor error logs and update content.
How to implement PHP security best practices
May 05, 2024 am 10:51 AM
How to Implement PHP Security Best Practices PHP is one of the most popular backend web programming languages used for creating dynamic and interactive websites. However, PHP code can be vulnerable to various security vulnerabilities. Implementing security best practices is critical to protecting your web applications from these threats. Input validation Input validation is a critical first step in validating user input and preventing malicious input such as SQL injection. PHP provides a variety of input validation functions, such as filter_var() and preg_match(). Example: $username=filter_var($_POST['username'],FILTER_SANIT
