Configuring HTTPS on Apache
1. Use yum to install openssl, openssl-devel and httpd-devel
2. Generate certificates (which can also be obtained from the company's certification authority):
# Create the server key (use at least 2048 bits; 1024-bit RSA keys are rejected by current clients and CAs)
openssl genrsa -des3 2048 > /usr/local/apache/conf/server.key
# Remove the passphrase from the key (to avoid being asked for it after system boot); the resulting key file must be readable by root only
openssl rsa -in /usr/local/apache/conf/server.key > /usr/local/apache/conf/server2.key
mv /usr/local/apache/conf/server2.key /usr/local/apache/conf/server.key
# Create the server certificate signing request
openssl req -new -key /usr/local/apache/conf/server.key -out /usr/local/apache/conf/server.csr
# Create the server certificate (self-signed, valid for 365 days)
openssl x509 -in /usr/local/apache/conf/server.csr -out /usr/local/apache/conf/server.crt -req -signkey /usr/local/apache/conf/server.key -days 365
3. Modify Apache's configuration file httpd.conf
Enable the SSL module. If it is missing, install the dependency package mod_ssl; after installation the module is found in the modules directory:
LoadModule ssl_module modules/mod_ssl.so
Include the SSL configuration file to add SSL support (remove the comment marker at the beginning of this line):
Include conf/extra/httpd-ssl.conf
Enable redirection (optional) so that users who access the site over HTTP are automatically redirected to HTTPS. Add the following at the end of the httpd.conf file:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$1 [L,R]
4. Modify the SSL configuration file ssl.conf. When httpd is installed through yum, the ssl.conf configuration file is in the conf.d directory. Configure a VirtualHost in it, together with the certificate and key:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:!RC4:
<VirtualHost _default_:443>
# There must be a virtual host in order to use the redirect function and to allow access on port 443.
DocumentRoot "/home/store/webroot"
ServerName https://xxx.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/httpd/conf/cert/xxx.com.crt
SSLCertificateKeyFile /etc/httpd/conf/cert/xxx.com.key
</VirtualHost>
5. Restart Apache
service httpd restart
Enter https://<domain name> or <domain name>:443 in the browser. If both can be accessed properly, HTTPS has been configured successfully.
Enter the domain name alone in the browser; if it redirects to the HTTPS connection, the redirect function is working.
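A successful HTTPS connection says nothing about which legacy protocols and weak cipher classes the server still accepts, so the SSLProtocol and SSLCipherSuite lines from step 4 deserve a check of their own. The Python script below is an added example, not part of the original article: its function names are hypothetical, it assumes "all" expands to every protocol from SSLv2 to TLSv1.3, and its cipher check is a heuristic that only looks at ALL, bare class names and "!" exclusions.

```python
# Added example (hypothetical function names): audit SSLProtocol / SSLCipherSuite.
# Assumption: "all" expands to every protocol below; the real set depends on the build.
LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")
ALL_PROTOCOLS = LEGACY_PROTOCOLS + ("TLSv1.2", "TLSv1.3")
# Cipher classes that should be removed with an explicit "!NAME" token.
WEAK_CIPHER_CLASSES = ("aNULL", "EXPORT", "LOW", "MEDIUM", "3DES", "RC4")

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right: bare sets, '+' adds, '-' removes."""
    canon = {p.lower(): p for p in ALL_PROTOCOLS}
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = set(ALL_PROTOCOLS) if name.lower() == "all" else {canon.get(name.lower(), name)}
        if sign == "-":
            enabled = enabled - names
        elif sign == "+":
            enabled = enabled | names
        else:
            enabled = names
    return enabled

def unexcluded_cipher_classes(cipher_string):
    """Heuristic: weak classes pulled in by ALL or by name and not removed by '!'.
    '!ADH' is not '!aNULL': it leaves anonymous ECDH suites in the list."""
    tokens = [t for t in cipher_string.strip('"').split(":") if t]
    killed = {t[1:].lower() for t in tokens if t.startswith("!")}
    bare = {t.lower() for t in tokens if t[0] not in "!+-"}
    return [c for c in WEAK_CIPHER_CLASSES
            if ("all" in bare or c.lower() in bare) and c.lower() not in killed]

def audit(conf_text):
    """Return findings for the SSLProtocol and SSLCipherSuite lines of an ssl.conf."""
    findings = []
    for line in conf_text.splitlines():
        name, _, args = line.strip().partition(" ")
        if name.lower() == "sslprotocol":
            findings += [f"SSLProtocol leaves {p} enabled"
                         for p in LEGACY_PROTOCOLS if p in enabled_protocols(args)]
        elif name.lower() == "sslciphersuite":
            findings += [f"SSLCipherSuite does not exclude {c}" for c in unexcluded_cipher_classes(args)]
    return findings

# The two directives exactly as they appear in step 4.
PAGE_CONF = """SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:!RC4:
"""

if __name__ == "__main__":
    print("\n".join(audit(PAGE_CONF)))
```

For the cipher list a given host will really offer, openssl ciphers -v '<cipher string>' prints what the string expands to with the installed OpenSSL.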
Starting Apache produced the following error:
Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration
Go to the bin directory of Apache and execute ./httpd -l to see whether mod_ssl.c is listed. This error indicates that the installation of the SSL module was unsuccessful.
Solution:
1. Recompile Apache and add the --enable-ssl --with-ssl parameters
2. Add the SSL module to the already compiled Apache
First, use the whereis openssl command to get the paths of lib and include:
[root@robot /usr/local/apache/modules]# whereis openssl
openssl: /usr/bin/openssl /usr/lib/openssl /usr/include/openssl /usr/share/man/man1/openssl.1ssl.gz
Then, in the modules/ssl folder of the Apache source code, run the following command (apxs requires the httpd-devel package):
/usr/sbin/apxs -i -a -D HAVE_OPENSSL=1 -I/usr/include/openssl/ -L/usr/lib/openssl/ -c *.c -lcrypto -lssl -ldl
I did not manage to compile it successfully, so I compiled this module elsewhere and copied mod_ssl.so to the Apache module directory /usr/local/apache/modules on the machine in question.