本文提供了解决Apache服务器SSL配置中常见错误的详细步骤,包括生成密钥、证书请求及自签名证书的过程,确保HTTPS服务正常运行。
文章索引:SSLCertificateFile: file '/etc/httpd/server.crt' does not exist or is empty
步骤1:修改配置文件
$ vi /usr/local/apache/conf/httpd.conf
#去掉这里注释
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#增加下面这行
Include /etc/httpd/extra/httpd-ssl.conf
</IfModule>
步骤2:重启
[root@GWZNFXYHPT17 ~]# service httpd start
正在启动 httpd:AH00526: Syntax error on line 106 of /etc/httpd/extra/httpd-ssl.conf:
SSLCertificateFile: file '/etc/httpd/server.crt' does not exist or is empty
[失败]
步骤3:处理报错
第一步:生成密钥
命令:openssl genrsa 2048 > /etc/httpd/server.key
说明:这是用256位rsa算法生成密钥,得到server.key文件
第二步: 生成证书请求
命令:openssl req -new -key /etc/httpd/server.key > /etc/httpd/server.csr
说明:这是用步骤1的密钥生成证书请求文件server.csr
[root@GWZNFXYHPT17 ~]# openssl req -new -key /etc/httpd/server.key > /etc/httpd/server.csr
...
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:guangdong
Locality Name (eg, city) []:guangzhou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:skyvision
Organizational Unit Name (eg, section) []:cattsoft
Common Name (e.g. server FQDN or YOUR name) []:root
Email Address []:cattsoft
A challenge password []: ← 可以不输入
An optional company name []: ← 可以不输入
第三步: 生成证书请求
命令:openssl req -x509 -days 3650 -key /etc/httpd/server.key -in /etc/httpd/server.csr > /etc/httpd/server.crt
说明:这是用步骤1,2的的密钥和证书请求生成证书server.crt,-days参数指明证书有效期,单位为天
到这里就可以尝试启动apache了
service httpd restart
这个启动默认配置文件在 /etc/httpd/httpd.conf
或者指定配置文件启动
[root@GWZNFXYHPT17 apache]# ./bin/httpd -k start -f ./conf/httpd.conf
扫一扫
2273
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
