设置APACHE支持SSL

总体分两步：一、生成SSL证书；二、设置Apache的SSL配置

1.   安装openssl

yum install mod_ssl openssl

2.    生成自签名的证书

[plain]  view plain  copy

1. #Generate private key   
2. openssl genrsa -out ca.key 2048   
3. #Generate CSR Certificate Signing Request   
4. openssl req -new -key ca.key -out ca.csr  
5. #Generate Self Signed Certificate  
6. openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt  

3.    证书放到规范的目录中

[plain]  view plain  copy

1. #Copy the files to the correct locations  
2. cp ca.crt /etc/pki/tls/certs  
3. cp ca.key /etc/pki/tls/private/ca.key  
4. cp ca.csr /etc/pki/tls/private/ca.csr  

4.    修改Apache的SSL配置

Edit the Apache SSL configuration file /etc/httpd/conf.d/ssl.conf.

Change the paths to match where the Keyfile is stored.

[plain]  view plain  copy

1. SSLCertificateFile /etc/pki/tls/certs/ca.crt  

Then set the correct path for theCertificate Key File a few lines below.

[plain]  view plain  copy

1. SSLCertificateKeyFile /etc/pki/tls/private/ca.key  

Quit and save the file.

5.    重启Apache

[plain]  view plain  copy

1. service httpd restart  

All being well you should now be ableto connect over https to your server. As the certificate is self signedbrowsers will generally ask you whether you want to accept the certificate.