Generating a certificate locally

1. Install mod_ssl and openssl

    yum -y install mod_ssl openssl

2. Create the server private key

    mkdir /etc/httpd/conf.d/ssl.key/
    cd /etc/httpd/conf.d/ssl.key/
    openssl genrsa -out server.key 1024

   (1024-bit RSA is below the current 2048-bit minimum; use 2048 or larger for anything other than a throwaway test.)

3. Create the server certificate signing request (server.csr, which carries the public key)

    openssl req -new -key server.key -out server.csr

4. Create the self-signed server certificate

    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5. Finally, edit /etc/httpd/conf.d/ssl.conf and change SSLCertificateFile and SSLCertificateKeyFile as follows (the file name must be the server.crt written in step 4)

    SSLCertificateFile /etc/httpd/conf.d/ssl.key/server.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/ssl.key/server.key

6. Restart Apache

7. The browser warns about the self-signed certificate: click "Advanced" -> "Proceed".

Generating the server private key (detailed walkthrough):

    # openssl genrsa -des3 -out server.key 1024
    Generating RSA private key, 1024 bit long modulus
    .......................++++++
    .................................................++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:

Generate the server certificate request and fill in the certificate information as prompted:

    # openssl req -new -key server.key -out server.csr

To generate a certificate containing Chinese text, use:

    # openssl req -utf8 -new -key server.key -out server.csr
    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:tyl
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:tz
    Organizational Unit Name (eg, section) []:tz
    Common Name (eg, YOUR name) []:tyl    (this name must be the same as the domain name)
    Email Address []:admin@php2.cc

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Both configurations below still enable TLSv1, TLSv1.1 and 3DES, which are deprecated (RFC 8996 covers the two protocol versions); drop them unless legacy clients need them.

Apache virtual host configuration:

    # The <VirtualHost> and <Directory> container lines are assumed here:
    # the listing does not show them, and the Directory path is taken to be
    # the DocumentRoot.
    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile conf/cert/www.php2.cc.crt
        SSLCertificateKeyFile conf/cert/www.php2.cc.key
        SSLCertificateChainFile conf/cert/bundle_www.php2.cc.crt
        SSLProtocol TLSv1 TLSv1.1 TLSv1.2
        SSLCipherSuite EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5
        DocumentRoot /www/web/test/public_html
        ServerName www.php2.cc
        ErrorDocument 400 /errpage/400.html
        ErrorDocument 403 /errpage/403.html
        ErrorDocument 404 /errpage/404.html
        ErrorDocument 503 /errpage/503.html
        <Directory "/www/web/test/public_html">
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    </VirtualHost>

Nginx virtual host configuration:

    server {
        # "ssl on;" was removed in nginx 1.25.1; the ssl parameter on listen replaces it
        listen 443 ssl;
        root "/phpstudy/www/website";
        ssl_certificate ssl.key/server.crt;
        ssl_certificate_key ssl.key/server.key;
        ssl_prefer_server_ciphers on;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
        server_name 192.168.0.29;
        index index.html index.php index.htm;

        location ~ \.php(.*)$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
            fastcgi_param SCRIPT_FILENAME $DOCUMENT_ROOT$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
            include fastcgi_params;
        }

        # Never serve .htaccess / .htpasswd files
        location ~ /\.ht {
            deny all;
        }

        location / {
            try_files $uri $uri/ /?$args;
        }
    }
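A pre-flight check for the key and certificate before they are referenced from the Apache or Nginx configuration, as an added example that is not part of the original article. The function names make_selfsigned and check_tls_pair are hypothetical, and the key is assumed to have no passphrase. It confirms that the certificate belongs to the key, that the key is at least 2048 bits, that the certificate has not expired, and that the Common Name matches the domain.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes an unencrypted RSA key.

# make_selfsigned DIR BITS CN: steps 2-4 of the article, run non-interactively.
make_selfsigned() {
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=$3" -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# check_tls_pair KEY CRT HOST: prints one line per check and returns the
# number of failed checks (0 means the pair is fit to configure).
check_tls_pair() {
    key=$1 crt=$2 host=$3 fails=0

    # The certificate must contain the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || kpub=
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cpub=
    if [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]; then echo "OK   key matches certificate"
    else echo "FAIL key does not match certificate"; fails=$((fails + 1)); fi

    # 2048 bits is the current minimum for RSA (OpenSSL security level 2).
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge 2048 ]; then echo "OK   ${bits}-bit key"
    else echo "FAIL ${bits:-0}-bit key, need 2048 or more"; fails=$((fails + 1)); fi

    # -checkend 0 exits non-zero once the notAfter date has passed.
    if openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "OK   certificate is within its validity period"
    else echo "FAIL certificate expired or unreadable"; fails=$((fails + 1)); fi

    # The name clients connect to must match the certificate's Common Name.
    if openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 |
       grep -q 'does match certificate'; then echo "OK   name $host matches"
    else echo "FAIL name $host does not match"; fails=$((fails + 1)); fi

    return "$fails"
}

# Usage: sh check_tls_pair.sh server.key server.crt www.php2.cc
if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```

A certificate path that does not exist fails every check that reads the certificate, so a mistyped file name shows up here rather than when the web server is restarted.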
Unless otherwise noted, articles are original work by PHP二次开发. When reposting, please cite this article's address: http://www.php2.cc/article-2671-1.html