CentOS 6 安裝 Apache SSL (自己發憑證給自己)

參考

How To Create a SSL Certificate on Apache for CentOS 6

安裝 Apache SSL Mod

yum install mod_ssl

1	yum install mod_ssl

建立憑證存放目錄

mkdir /etc/httpd/cert

1	mkdir /etc/httpd/cert

建立憑證

# cd /etc/httpd/cert
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -sha256 -keyout apache.key -out apache.crt

1 2	# cd /etc/httpd/cert # openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -sha256 -keyout apache.key -out apache.crt

在 Common Name 填上自己的網域名稱

Common Name (e.g. server FQDN or YOUR name) []:*.hoyo.idv.tw

1	Common Name (e.g. server FQDN or YOUR name) []:*.hoyo.idv.tw

修改 Apache 設定

CentOS 6 的 Apache SSL 設定並不是在 conf/httpd.conf ，而是由 Include conf.d/*.conf 引入其他設定

SSL 的設定在 /etc/httpd/conf.d/ssl.conf

NameVirtualHost *:443

<VirtualHost *:443>
    DocumentRoot "/WEBSite/www/WWW"
    ServerName bsr.mj-app.com.com:443
    SSLCertificateFile /etc/httpd/ssl/apache.crt
    SSLCertificateKeyFile /etc/httpd/ssl/apache.key

    <Directory "/WEBSite/www/WWW">
       AllowOverride All
       Require all granted
    </Directory>

</VirtualHost>

NameVirtualHost *:443

DocumentRoot "/WEBSite/www/WWW"

ServerName bsr.mj-app.com.com:443

SSLCertificateFile /etc/httpd/ssl/apache.crt

SSLCertificateKeyFile /etc/httpd/ssl/apache.key

AllowOverride All

Require all granted

</Directory>

</VirtualHost>

重新啟動 httpd

systemctl restart httpd

1	systemctl restart httpd

多 VirtualHost 注意事項

How To Set Up Multiple SSL Certificates On a CentOS VPS With Apache Using One IP Address

每個網站都需要自己的憑證

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache2.key -out /etc/httpd/ssl/apache2.crt


Common Name 必須和完整網址一致

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache2.key -out /etc/httpd/ssl/apache2.crt

Common Name 必須和完整網址一致

修改 /etc/httpd/conf.d/ssl.conf

vi /etc/httpd/conf.d/ssl.conf


<VirtualHost *:443>

    DocumentRoot "/WEBSite/AutoDial/WWW"
    ServerName autodial.mj-app.com.tw:443

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/apache2.crt
    SSLCertificateKeyFile /etc/httpd/ssl/apache2.key

    <Directory "/WEBSite/AutoDial/WWW">
       AllowOverride All
    </Directory>

</VirtualHost>

vi /etc/httpd/conf.d/ssl.conf

DocumentRoot "/WEBSite/AutoDial/WWW"

ServerName autodial.mj-app.com.tw:443

SSLEngine on

SSLCertificateFile /etc/httpd/ssl/apache2.crt

SSLCertificateKeyFile /etc/httpd/ssl/apache2.key

AllowOverride All

</Directory>

</VirtualHost>

建立 localhost 證書

Certificates for localhost

openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

openssl req -x509 -out localhost.crt -keyout localhost.key \

-newkey rsa:2048 -nodes -sha256 \

-subj '/CN=localhost' -extensions EXT -config <( \

printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

3,080 total views, 4 views today

CentOS 6 安裝 Apache SSL (自己發憑證給自己)

參考

修改 Apache 設定

多 VirtualHost 注意事項

建立 localhost 證書

Related Post

發佈留言

CentOS 6 安裝 Apache SSL (自己發憑證給自己)

參考

修改 Apache 設定

多 VirtualHost 注意事項

建立 localhost 證書

Related Post

EMQX - 使用 docker

Linux - 有沒有插網路線 & 插網路線偵測

Linux - /etc/crontab 頻率為秒

發佈留言