Centos 64位 Install certificate on apache 即走https协议
Centos 64位 Install certificate on apache 即走https协议
一:
先要apache 请求ssl证书的csr 一下是步骤:
重要注意事项 An Important Note Before You Start
在生成CSR文件时同时生成您的私钥,如果您丢了私钥或忘了私钥密码,则颁发 证书给您后不能安装成功!您必须重新生成私钥和CSR文件,免费重新颁发新的 证书。为了避免此情况的发生,请在生成CSR后一定要备份私钥文件和记住私钥 密码,最好是在收到证书之前不要再动服务器。 By far the most common problem users have when going through this process is related to private keys. If you lose or cannot access a private key, you cannot use the certificate we issue to you and will need to request a free reissue. To ensure this never happens, we advise that a backup of the private key file is made and that a note is made of the password that is used to protect the export of the private key.
“openssl”用于生成私钥和CSR,OpenSSL一般安装在/user/bin下,如果您的 系统安装在其他目录,请指定正确的目录路径。 The utility "openssl" that you use to generate the private key and CSR comes with the OpenSSL toolkit and is usually installed under /usr/bin. If you have installed it elsewhere you will need to modify these instructions appropriately.
以下所有命令假设您已经成功安装OpenSSL,将产生2048位的密钥,加密算法 采用3DES,您必须使用您要申请SSL证书的域名来命名密钥文件。 The following sequence of commands will generate a 2048 bit key, encrypt it using the triple-DES cipher, and create a CSR based upon it (they assume that you have openssl in your path - if not then you should prefix the openssl command with the path to the binary). You should use the domain name that you are wishing to have certified as the core of the filenames. You should also make sure you do not overwrite existing keys and CSR's:
1. 生成私钥 Generate the private key
请使用以下命令来生成私钥 Please type the following command at the prompt:
openssl genrsa -des3 -out www.mydomain.com.key 2048
www.mydomain.com.key,会提示您设定私钥密码,请设置密码,并牢记!
This command will generate a 1024 bit RSA private key and stores it in
the file www.mydomain.com.key. It will ask you for a pass phrase: use
something secure and remember it. Your certificate will be useless without
it's corresponding key
2. 生成 CSR 文件 Generate the CSR 请使用以下命令来生成CSR Please type the following command at the prompt:
openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
如果提示“Unable to load config info from /usr/local/ssl/openssl.cnf ”, 则加上一个指定openssl.cnf 路径的参数: openssl req -new -config openssl.cnf -key www.mydomain.com.key -out www.mydomain.com.csr
此命令将提示您输入X.509证书所要求的字段信息,包括国家(中国添CN)、省 份、所在城市、单位名称、单位部门名称(可以不填直接回车)。请注意: 除国 家缩写必须填CN外,其余都可以是英文或中文。
This command will prompt you for the X.509 attributes of your certificate. Enter your country, state or province and locality or city. You should enter the company name as it appears on your official company registration documents. The organization unit is optional, we verify and authenticate the company name and not the organization unit. To skip the organization unit (OU) field please press enter on your keyboard.
请输入您要申请SSL证书的域名,如果您需要为www.domain.com申请SSL证书 就不能只输入domain.com。SSL证书是严格绑定域名的。 The term "Common Name" is X.509 speak for the name that distinguishes the certificate best, and ties it to your Organization. Enter your exact host and domain name that you wish to secure. Example: If you wish to secure www.mydomain.com, then you will need to enter the exact host (www) and domain name (mydomain.com) in this field. If you enter mydomain.com then the certificate issued to you will only work error free on https://mydomain.com. It will cause a certificate mismatch error when you or your users access the domain via https:// www.mydomain.com.
注意: Common name 一定得写好 nihao.com 就不能是 www.nihao.com
请不要输入Email、口令(challenge password)和可选的公司名称,直接打回车 即可。 Please do not enter your email address, challenge password or an optional company name when generating the CSR.
您现在已经成功生成了密钥对,私钥文件:www.mydomain.com.key 保存在您的 服务器中, 请把CSR文件:www.mydomain.com.csr 发给Willrey/Thawte即可, CSR文件格式如下图所示。 You have now created a public/private key pair. The private key (www.mydomain.com.key) is stored locally on your machine and is used for decryption. The public portion is sent to thawte in the form of a Certificate Signing Request, and will be used by your users to encrypt the data they send to your site. The Certificate Signing Request (CSR) looks something like this:
openssl req -new -nodes -keyout myserver.key -out myserver.csr 或 openssl req -new -config openssl.cnf -nodes -keyout myserver.key -out myserver.csr
3. 备份私钥文件 Backup your private key
请备份您的私钥文件并记下私钥密码。最好是把私钥文件备份到软盘或光盘中。 Please backup your keystore file and make a note of the password. A good choice is to create a copy of this file onto a diskette or other removeable media.
完成之后 你就会受到 你购买的证书的机构发给你的确认邮件 里边就是你的 web server certificate 也就是接下来的 public .crt
二.
Step 1: Save your SSL Certificate File
Firstly when your issuance email arrives it will contain your web server certificate. Copy your web server certificate into a text editor such as Notepad including the header and footer. You should then have a text file that looks like:
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
Save the certificate file as public.crt
Step 2: Obtain the Intermediate CA Bundle
Here is the intermediate file: intermediate_file (你网站的web certificate)
Right click the above intermediate_file link and save as intermediate.crt
Step 3: Set up your httpd.conf file
Open your httpd.conf file (some installations keep the SSL section separately in the ssl.conf file or separate ) using a text editor, and locate the virtual host section for the site for which the SSL Certificate will secure.
Your virtual host section will need to contain the following directives:
SSLCertificateFile – This will need to point to the your SSL certificate itself that we issued to you
SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.
SSLCertificateChainFile – This will need to point to the the intermediate file
Note: Some versions of Apache will not accept the SSLCACertificateFile directive. Try usingSSLCertificateChainFile instead.
For example
Save the changes to the file and quit the text editor
Stop and start apache to register the change.
Note: Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter both as there will be a conflict and Apache may not start.
Centos 64位 Install certificate on apache 即走https协议的更多相关文章
- Centos(64位)安装Hbase详细步骤
HBase是一个分布式的.面向列的开源数据库,该技术来源于 Fay Chang 所撰写的Google论文“Bigtable:一个结构化数据的分布式存储系统”.就像Bigtable利用了Google文件 ...
- 如何安装NodeJS到阿里云Centos (64位版本V5-7)
如何安装NodeJS到阿里云Centos (64位版本V5-7) (Centos与Red Hat® Enterprise Linux® / RHEL, Fedora属于一类) 1) 安装v0.10版 ...
- centos 64位系统安装
由于centos 64位镜像大于4G,所以U盘装不进去.iso镜像,选择网络安装的方法或者使用一个U盘制作启动盘和一个硬盘来装镜像的方法. 1 网络安装第一步 下载 CentOS 安装 ISO 浏览 ...
- Win7系统64位环境下使用Apache——Apache2.4版本安装及卸载
转载请注明出处:http://blog.csdn.net/dongdong9223/article/details/70255992 本文出自[我是干勾鱼的博客] 之前在Win7系统64位环境下使用A ...
- centos 64位 下hadoop-2.7.2 下编译
centos 64位 下hadoop-2.7.2 下编译 由于机器安装的是centos 6.7 64位 系统 从hadoop中下载是32位 hadoop 依赖的的库是libhadoop.so 是3 ...
- 1G1核1M选择 Centos 32位 还是 Centos 64位?
前几天有个疑惑,现有一台云主机是 1G1核1M使用 Centos 64位会不有点浪费. 还专门发信息询问老大 Karson,老大说现 FastAdmin 都是三个1,也是 64 位的. 看 FastA ...
- Win7系统64位环境下使用Apache——安装Apache2.4时报错“Invalid command Order”问题的解决
之前在文章Win7系统64位环境下使用Apache--Apache2.4整合Tomcat与mod_jk提到了安装Apache2.4时有可能报错: Invalid command 'Order', pe ...
- Win7系统64位环境下使用Apache——Apache2.4整合Tomcat与mod_jk
转载请注明出处:http://blog.csdn.net/dongdong9223/article/details/70398091 本文出自[我是干勾鱼的博客] 之前的几篇文章: Win7系统64位 ...
- Win7系统64位环境下使用Apache——下载mod_jk
转载请注明出处:http://blog.csdn.net/dongdong9223/article/details/70313329 本文出自[我是干勾鱼的博客] 之前在几篇文章: Win7系统64位 ...
随机推荐
- springmvc实现long-pulling技术
背景介绍: 项目中有一个通讯模块,本来是用websocket全双工技术实现的,但IE10下面不支持websocket,而国内的360.2345浏 览器封装的所有是IE10下面的内核,考虑到站点在国内的 ...
- easyui datagrid shift 多选
<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta na ...
- IBM BigInsights 3.0.0.2 集群环境搭建
1. 改动hosts文件和永久主机名 由于BigInsights 3.0版本号不像之前的版本号能够直接用IP来添加节点,因此我们须要更改每台server的hosts文件和主机名: vim/etc/ho ...
- MEF框架在Silverlight中应用(15)
原文:MEF框架在Silverlight中应用(15) MEF框架在Silverlight中应用 代码下载 MEF框架是微软提供的一个插件框架.应用概括为一句话:输入,输出,组合.下面是具体在Silv ...
- socket在windows下和linux下的区别
原文:socket在windows下和linux下的区别 1)头文件 windows下winsock.h/winsock2.h linux下sys/socket.h 错误处理:errno.h 2 ...
- 【phpMyAdmin】更改配置文件连接到其他server
默认phpMyAdmin安装完毕后对机器的访问mysql,但有时我们需要访问其它server的mysql数据库,所以我们需要配置. 真,phpMyAdmin已经为我们做了配置的选项.可是须要我们进行一 ...
- C# 复习(1) 委托与事件
委托定义顺序 1. 声明一个委托 2.定义一个委托变量 3. 委托变量的初始化或者给委托变量绑定一个方法 4.调用委托 事件:事件是对委托的封装. 事件只能在创建事件的类的内部调用. public c ...
- 快速构建Windows 8风格应用27-漫游应用数据
原文:快速构建Windows 8风格应用27-漫游应用数据 本篇博文主要介绍漫游应用数据概览.如何构建漫游应用数据.构建漫游应用数据最佳实践. 一.漫游应用数据概览 1.若应用当中使用了漫游应用数据, ...
- leetcode第五题--Longest Palindromic Substring
Problem:Given a string S, find the longest palindromic substring in S. You may assume that the maxim ...
- 如何把va_list可变参数传送到下一级函数中(如传送到printf)
最近我在一个LCD上想实现打印格式化字符串的功能,实现这样的功能可有两种方式: 一 最直接的就是自己去解析类似于printf功能的一个函数: 二 比较简单的方法是使用已有的sprintf功能,把格式化 ...