A simple way to configure SSL for Apache (implementing HTTPS)


Configuring SSL for Apache on CentOS (implementing HTTPS)

1. Install the required packages

yum install -y openssl
yum install -y httpd
yum install -y mod_ssl

2. Open ports 80 and 443 in the firewall (optional)

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

3. Set Apache to start automatically

systemctl enable httpd
systemctl start httpd

4. Create the signing key (omit the -des3 option if you do not want a passphrase on the key)

$ openssl genrsa -des3 -out server.key 1024

Output (the passphrase can be anything, but it is needed again later):

Generating RSA private key, 1024 bit long modulus
.++++++
......++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:  
Verifying - Enter pass phrase for server.key:

5. Create a CSR (Certificate Signing Request)

$ openssl req -new -key server.key -out server.csr

Output (apart from the server.key passphrase, just press Enter at each prompt):

Enter pass phrase for server.key:  
You are about to be asked to enter information that will be incorporated
into your certificate request.  
What you are about to enter is what is called a Distinguished Name or a DN.  
There are quite a few fields but you can leave some blank  
For some fields there will be a default value,  
If you enter '.', the field will be left blank.  
Country Name (2 letter code) [AU]:  
State or Province Name (full name) [Some-State]:  
Locality Name (eg, city) []:  
Organization Name (eg, company) [Internet Widgits Pty Ltd]:  
Organizational Unit Name (eg, section) []:  
Common Name (e.g. server FQDN or YOUR name) []:  
Email Address []:  

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  
An optional company name []:

6. Self-sign the certificate

$ openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

7. Save the key and certificate to a secure directory

mv server.* /etc/pki/tls

8. Edit the ssl.conf configuration file

Edit /etc/httpd/conf.d/ssl.conf and change the following two lines to:

SSLCertificateFile /etc/pki/tls/server.crt
SSLCertificateKeyFile /etc/pki/tls/server.key

9. Restart the httpd service

systemctl restart httpd

Configuring SSL for Apache on Ubuntu (implementing HTTPS)

1. Enable the ssl module

$ sudo a2enmod ssl

Output:

Considering dependency setenvif for ssl:  
Module setenvif already enabled  
Considering dependency mime for ssl:  
Module mime already enabled  
Considering dependency socache_shmcb for ssl:  
Enabling module socache_shmcb.  
Enabling module ssl.  
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.  
To activate the new configuration, you need to run:  
  service apache2 restart

The output above means the ssl module was not yet active; run the command once more:

$ sudo a2enmod ssl

Output:

Considering dependency setenvif for ssl:  
Module setenvif already enabled  
Considering dependency mime for ssl:  
Module mime already enabled  
Considering dependency socache_shmcb for ssl:  
Module socache_shmcb already enabled  
Module ssl already enabled

The output above means the ssl module has been enabled successfully.

2. Install openssl (skip this if it is already installed)

$ sudo apt-get install openssl

3. Create the signing key (omit the -des3 option if you do not want a passphrase on the key)

$ openssl genrsa -des3 -out server.key 1024

Output (the passphrase can be anything, but it is needed again later):

Generating RSA private key, 1024 bit long modulus
.++++++
......++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:  
Verifying - Enter pass phrase for server.key:

4. Create a CSR (Certificate Signing Request)

$ openssl req -new -key server.key -out server.csr

Output (apart from the server.key passphrase, just press Enter at each prompt):

Enter pass phrase for server.key:  
You are about to be asked to enter information that will be incorporated
into your certificate request.  
What you are about to enter is what is called a Distinguished Name or a DN.  
There are quite a few fields but you can leave some blank  
For some fields there will be a default value,  
If you enter '.', the field will be left blank.  
Country Name (2 letter code) [AU]:  
State or Province Name (full name) [Some-State]:  
Locality Name (eg, city) []:  
Organization Name (eg, company) [Internet Widgits Pty Ltd]:  
Organizational Unit Name (eg, section) []:  
Common Name (e.g. server FQDN or YOUR name) []:  
Email Address []:  

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  
An optional company name []:

5. Self-sign the certificate

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

6. Copy the files to the corresponding directories

$ cp server.crt /etc/ssl/certs  
$ cp server.key /etc/ssl/private

7. Edit the configuration file

$ cp /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/001-ssl.conf
$ vim /etc/apache2/sites-enabled/001-ssl.conf

In the <VirtualHost *:80> block, add the following lines below the DocumentRoot line:

SSLEngine On  
SSLOptions +StrictRequire  
SSLCertificateFile /etc/ssl/certs/server.crt  
SSLCertificateKeyFile /etc/ssl/private/server.key

Change the port to 443, i.e. <VirtualHost *:443> (the SSL port).

8. Restart apache

service apache2 restart
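The key, CSR and self-signed certificate steps above (CentOS steps 4 to 6, Ubuntu steps 3 to 5) as an added shell example that is not part of the original post: it runs the same three openssl commands non-interactively, uses a 2048-bit key rather than 1024 (current browsers reject RSA keys shorter than 2048 bits), and then checks that the certificate and key really belong together, that the certificate is valid for the expected period and that the key file is not world-readable before the paths go into SSLCertificateFile and SSLCertificateKeyFile. It assumes openssl is on the PATH; the working directory, the CN www.example.com and the subject fields are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: generate the key, CSR and
# self-signed certificate non-interactively, then verify the pair before
# pointing SSLCertificateFile/SSLCertificateKeyFile at it.
# Assumptions: openssl on PATH; WORKDIR is a constructed temp dir; the CN
# www.example.com is a placeholder for the real server FQDN.
set -eu
WORKDIR=${WORKDIR:-$(mktemp -d)}
CN=${CN:-www.example.com}
DAYS=${DAYS:-365}

# Same three openssl steps as the post, without -des3 (no passphrase, so
# httpd can start unattended) and with a 2048-bit key.
make_selfsigned() {
    mkdir -p "$WORKDIR"
    openssl genrsa -out "$WORKDIR/server.key" 2048 2>/dev/null
    openssl req -new -key "$WORKDIR/server.key" -out "$WORKDIR/server.csr" \
        -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=$CN"
    openssl x509 -req -days "$DAYS" -in "$WORKDIR/server.csr" \
        -signkey "$WORKDIR/server.key" -out "$WORKDIR/server.crt" 2>/dev/null
    chmod 600 "$WORKDIR/server.key"   # private key must not be world-readable
}

# 0 if the certificate's public modulus equals the key's (they belong together).
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" | openssl sha256)
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null | openssl sha256)
    [ "$c" = "$k" ]
}

# Print the subject CN, the name browsers compare against the host name.
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null
}

# 0 if the key file is readable only by its owner (mode 600 or 400).
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

make_selfsigned
cert_matches_key "$WORKDIR/server.crt" "$WORKDIR/server.key" && echo "cert/key pair: OK"
key_is_private "$WORKDIR/server.key" && echo "key permissions: OK"
echo "CN=$(cert_cn "$WORKDIR/server.crt"), files written to $WORKDIR"
```

After the checks pass, move server.crt and server.key to the directories the post uses (/etc/pki/tls on CentOS, /etc/ssl/certs and /etc/ssl/private on Ubuntu) and restart Apache.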