Continuing from the previous post; I forgot to publish this part.
- Copy the required files (the CSRs are no longer needed once the certificates have been issued)
rm -rf ../enduser-certs/*.csr
mkdir /usr/local/apache/conf/certs
cp ../enduser-certs/* /usr/local/apache/conf/certs/
- Check and edit the main configuration file, and confirm that the SSL-related modules are loaded
vim /usr/local/apache/conf/httpd.conf
# the stock httpd.conf ships these two lines commented out; both must be active:
#   LoadModule ssl_module modules/mod_ssl.so
#   Include conf/extra/httpd-ssl.conf
- Edit the httpd-ssl.conf configuration file: comment out all the virtual-host-related lines and leave everything else at its default:
- Edit the virtual host configuration file and add the SSL virtual host entries; the lines just commented out in conf/extra/httpd-ssl.conf serve as the template
vim /usr/local/apache/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/data/www/siteA/"
    ServerName www.example.com
    # Two rotatelogs variants are shown for each log: rotate every 2 MB, or daily
    # (86400 s) with a UTC+8 offset (480 min). Use one of them; for ErrorLog httpd
    # keeps only the last directive it reads.
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/www.example.com-error-%Y_%m_%d.log 2M"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/www.example.com-error-%Y_%m_%d.log 86400 480"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    ServerAdmin [email protected]
    DocumentRoot "/data/www/siteA/"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.example.com-error-%Y_%m_%d.log 2M"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.example.com-error-%Y_%m_%d.log 86400 480"
    TransferLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.example.com-access-%Y_%m_%d.log 2M"
    TransferLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.example.com-access-%Y_%m_%d.log 86400 480"
    SSLEngine on
    # No whitespace inside the quoted path: "certs/ example.com.crt" would make httpd look for a file named " example.com.crt"
    SSLCertificateFile "/usr/local/apache/conf/certs/example.com.crt"
    # siteB and the chmod step below use certs/srv/server.key; whichever path is used here must exist and be group-readable by apache
    SSLCertificateKeyFile "/usr/local/apache/conf/certs/server.key"
    SSLCertificateChainFile "/usr/local/apache/conf/certs/cert.chain"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

<Directory "/data/www/siteA">
    # Indexes serves a directory listing for any path without an index file; drop it unless listings are wanted
    Options Indexes FollowSymLinks
    # "All" already includes AuthConfig
    AllowOverride All
    Require all granted
</Directory>

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/data/www/siteB/"
    ServerName www.txtyw.com
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/www.txtyw.com-error-%Y_%m_%d.log 2M"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/www.txtyw.com-error-%Y_%m_%d.log 86400 480"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.txtyw.com
    ServerAdmin [email protected]
    DocumentRoot "/data/www/siteB/"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.txtyw.com-error-%Y_%m_%d.log 2M"
    ErrorLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.txtyw.com-error-%Y_%m_%d.log 86400 480"
    TransferLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.txtyw.com-access-%Y_%m_%d.log 2M"
    TransferLog "| /usr/local/apache/bin/rotatelogs logs/ssl-www.txtyw.com-access-%Y_%m_%d.log 86400 480"
    SSLEngine on
    SSLCertificateFile "/usr/local/apache/conf/certs/txtyw.com.crt"
    SSLCertificateKeyFile "/usr/local/apache/conf/certs/srv/server.key"
    SSLCertificateChainFile "/usr/local/apache/conf/certs/cert.chain"
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>

<Directory "/data/www/siteB">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
- Create the site directories and set their permissions
mkdir -p /data/www/site{A,B}
echo "this is www.example.com" > /data/www/siteA/index.html
echo "this is www.txtyw.com" > /data/www/siteB/index.html
chown -R apache:apache /data/www/
# SELinux label for httpd content (the type "http_t" does not exist; chcon rejects it)
chcon -R -t httpd_sys_content_t /data/www/
- Make the server private key readable by apache (paths are relative to /usr/local/apache/conf; owner keeps read, group apache gets read, others get nothing)
chmod 440 certs/srv/server.key
chgrp apache certs/srv/server.key
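The copy, vhost and permission steps above are where a pasted SSL vhost block most often goes wrong: a stray space inside a quoted certificate path, a chain file that was never copied, or a key left world-readable. The following script is an added example, not part of the original post, that lints a vhost file for exactly those three slips. The vhost fragment, certificate files and directory it creates under mktemp are constructed for the demo and mirror the post's layout; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): lint an httpd vhost file for
# the three slips discussed above. Sample inputs below are constructed.

# lint_ssl_paths CONF: print one line per finding (prints nothing when clean).
# Looks at every SSLCertificateFile / SSLCertificateKeyFile /
# SSLCertificateChainFile directive, strips the quotes, and checks the path.
lint_ssl_paths() {
    grep -E '^[[:space:]]*SSLCertificate(Key|Chain)?File[[:space:]]' "$1" \
    | tr -d '"' \
    | while read -r directive path; do
        # 1. whitespace inside the path (the "certs/ example.com.crt" mistake)
        case $path in
            *[[:space:]]*)
                echo "$directive: whitespace inside path '$path'"
                continue ;;
        esac
        # 2. the referenced file is not there (e.g. cert.chain never copied)
        if [ ! -f "$path" ]; then
            echo "$directive: file not found: $path"
            continue
        fi
        # 3. only the key is secret: httpd should read it via the group, never "other"
        if [ "$directive" = SSLCertificateKeyFile ] && [ -n "$(find "$path" -perm -004)" ]; then
            echo "$directive: $path is world-readable"
        fi
    done
}

# count_findings CONF: number of findings, convenient for scripting / assertions
count_findings() {
    lint_ssl_paths "$1" | wc -l | tr -d ' '
}

# make_sample DIR: constructed vhost fragment plus cert files under DIR.
# It reproduces three problems: the space in the cert path, a 644 key, and
# a chain file that does not exist.
make_sample() {
    dir=$1
    mkdir -p "$dir/certs"
    : > "$dir/certs/example.com.crt"
    : > "$dir/certs/server.key"
    chmod 644 "$dir/certs/server.key"
    cat > "$dir/vhosts.conf" <<EOF
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile "$dir/certs/ example.com.crt"
    SSLCertificateKeyFile "$dir/certs/server.key"
    SSLCertificateChainFile "$dir/certs/cert.chain"
</VirtualHost>
EOF
}

# Demo run against the constructed sample: three findings are expected.
tmp=$(mktemp -d)
make_sample "$tmp"
lint_ssl_paths "$tmp/vhosts.conf"
rm -rf "$tmp"
```

Run it against the real file with `lint_ssl_paths /usr/local/apache/conf/extra/httpd-vhosts.conf` before restarting httpd; an empty result means the three checks passed. The key check deliberately uses `find -perm -004` rather than `stat`, whose flags differ between GNU and BSD.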
- Restart the apache service for the changes to take effect
/usr/local/apache/bin/apachectl restart
- Set up resolution for www.example.com and www.txtyw.com in BIND DNS
After that, clients can reach the domains over https.
- Encrypted connections now work
But as the screenshot shows there is an x in the address bar, warning that the certificate cannot be verified as trusted. That is because we issued it ourselves; getting it trusted is just as simple: install the root certificate into the host's Trusted Root Certification Authorities store: