LAMP建站步骤

作者佚名技术来源 Linux系统浏览发布时间 2012-04-06

host ssl.ca-0.1]# ls ca* 查看一下是否存在
ca.crt ca.key
--------------------------------------
下面还要为服务器生成一个证书,也就是要部署到apache的证书：
[root@localhost ssl.ca-0.1]# ./new-server-cert.sh server (这个证书的名字是server,当然

,你也可以随便写)
No server.key round. Generating one
Generating RSA private key, 1024 bit long modulus
.....
.....
e is 65537 (0x10001)
Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ''.'', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:China
Locality Name (eg, city) [Sitiawan]:ShanDong
Organization Name (eg, company) [My Directory Sdn Bhd]:sye.com
Organizational Unit Name (eg, section) [Secure Web Server]:sye
Common Name (eg, www.domain.com) []:NO2
Email Address []:sye@mail.com
You may now run ./sign-server-cert.sh to get it signed
这样就生成了server.csr和server.key这两个文件.
]# ls server* 同样查看一下是否存在
====================================
签署一下才能使用的：
[root@localhost ssl.ca-0.1]# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:1234（我们开始设置的密码）
Check that the request matches the signature
Signature ok
The Subject''s Distinguished Name is as follows
countryName :PRINTABLE:''CN''

Empire CMS,phome.net

stateOrProvinceName :PRINTABLE:''China''
localityName :PRINTABLE:''ShanDong''
organizationName :PRINTABLE:''sye.com''
organizationalUnitName:PRINTABLE:''sye''
commonName :PRINTABLE:''NO2''
emailAddress :IA5STRING:''sye@mail.com''
Certificate is to be certified until March 29 16:57:31 2011 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
===============================
下面修改一下 apache 的配置 ]# vi /etc/httpd.conf
修改前：
# Secure (SSL/TLS) connections
# Include /etc/extra/httpd-ssl.conf
去掉 # 修改后：
# Secure (SSL/TLS) connections
Include /etc/extra/httpd-ssl.conf
保存退出
可以说 apache httpd-2.2.8 真的很方便, 只需要去掉那一行注释就可以使用 ssl 了
但是在编译安装时候一定要加入 -enable-ssl
----------------------------
把 server.crt server.key 拷贝到 /etc 目录下
[root@localhost ssl.ca-0.1]# cp server.crt /etc/server.crt
[root@localhost ssl.ca-0.1]# cp server.key /etc/server.key
关闭 apache
[root@localhost ssl.ca-0.1]# /usr/local/apache2/bin/apachectl stop &
再启动 apache
[root@localhost ssl.ca-0.1]# /usr/local/apache2/bin/apachectl start &
]# netstat -tnl

凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务，公司网站：http://www.lingzhong.cn 为了给广大客户了解更多的技术信息，本技术文章收集来源于网络,凌众科技尊重文章作者的版权，如果有涉及你的版权有必要删除你的文章，请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息，谢谢!

分享到：更多

你可能对下面的文章感兴趣

上一篇: 操作系统中Linux配置大量IP地址轻松搞定下一篇: Linux压缩与解压缩命令学习笔记

关于LAMP建站步骤的所有评论

随机推荐