-
# cd /usr/local/apache2/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
生成根证书:
# ./new-root-ca.sh (生成根证书)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key: (输入一个密码)
Verifying - Enter pass phrase for ca.key: (再输入一次密码)
......
Self-sign the root CA... (签署根证书)
Enter pass phrase for ca.key: (输入刚刚设置的密码)
........
........ (下面开始签署)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:HaiNan
Locality Name (eg, city) [Sitiawan]:HaiKou
Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd
Organizational Unit Name (eg, section) [Certification Services Division]:ACSTAR
Common Name (eg, MD Root CA) []:WISCOM CA
Email Address []:acmail@wiscom.com.cn这样就生成了ca.key和ca.crt两个文件,下面还要为我们的服务器生成一个证书:
生成server证书:
# ./new-server-cert.sh server (这个证书的名字是server)
......
......
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:HaiNan
Locality Name (eg, city) [Sitiawan]:HaiKou
Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd
Organizational Unit Name (eg, section) [Secure Web Server]:ACSTAR
Common Name (eg, www.domain.com) []:acmail.wiscom.com.cn
Email Address []:acmail@wiscom.com.cn这样就生成了server.csr和server.key这两个文件。
签署server证书:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key: (输入上面设置的根证书密码)
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'JiangSu'
localityName :PRINTABLE:'NanJing'
organizationName :PRINTABLE:'Wiscom System Co.,Ltd'
organizationalUnitName:PRINTABLE:'ACSTAR'
commonName :PRINTABLE:'acmail.wiscom.com.cn'
emailAddress :IA5STRING:'acmail@wiscom.com.cn'
Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
(如果这里出现错误,最好重新来过,删除ssl.ca-0.1这个目录,从解压缩处重新开始。)下面要按照ssl.conf里面的设置,将证书放在适当的位置。
# chmod 400 server.key
# cd ..
# mkdir ssl.key
# mv ssl.ca-0.1/server.key ssl.key
# mkdir ssl.crt
# mv ssl.ca-0.1/server.crt ssl.crt然后就可以启动啦!
# cd /usr/local/apache2
# ./bin/apachectl startssl---------------------------------------------------------------------------------------------------------
//安装apache扩展
yum -y install httpd-manual mod_ssl mod_perl mod_auth_mysql//安装php扩展
yum -y install php-gd php-xml php-mbstring php-ldap php-pear//安装mysql扩展
yum -y install mysql-connector-odbc mysql-devel libdbi-dbd-mysql
相关文章
- 生成apache证书(https应用)
- SpringBoot -- 软件许可(License)证书生成+验证+应用完整流程
- Docker应用四:搭建docker镜像仓库(包括自生成https证书、登陆认证)
- linux下生成https的crt和key证书
- 【教程】Let\'s Encrypt配置免费SSL证书建立HTTPS(Ubuntu+Apache)
- MAC: 自己制作https的ssl证书(自己签发免费ssl证书)(OPENSSL生成SSL自签证书)
- mac电脑配置本地tomcat https 生成证书
- android通过生成bks证书来访问https的实现
- 在docker下Nginx生成ssl证书https协议
- https服务器如何生成自签名证书