yum install mod_ssl openssl
# 產生私鑰 openssl genrsa -out ca.key 1024 # 產生 CSR openssl req -new -key ca.key -out ca.csr # 產生自我簽署的金鑰 openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt # 複製檔案至正確位置
chmod go-r ca.*
cp ca.crt /etc/pki/tls/certs cp ca.key /etc/pki/tls/private/ca.key cp ca.csr /etc/pki/tls/private/ca.csr警告:如果你採用 SELinux,請確保你複製這些檔案而不是遷移它們。否則 Apache 將會投訴關於違漏了的憑證檔,因為它無法讀取這些擁有錯誤 SELinux 脈絡的憑證檔。
vim /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
#important , to fix the _default_ VirtualHost overlap on port 443, the first has precedence problem
NameVirtualHost *:443
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 0.0.0.0:443
沒有留言:
張貼留言