nginx and apache https 配置

Unix/Linux 生成證書和密鑰

確認是否安裝ssl模塊，是否有mod_ssl.so文件

生成密鑰

# 生成密鑰
# 這是用128位rsa算法生成密鑰，獲得 api-afd-server.key 文件
tools/servers » openssl genrsa 1024 >api-afd-server.key
Generating RSA private key, 1024 bit long modulus
...................++++++
.............++++++
e is 65537 (0x10001)

生成證書請求文件

# 生成證書請求文件
# 這是用步驟1的密鑰生成證書請求文件server.csr, 這一步提不少問題，一一輸入
tools/servers » openssl req -new -key api-afd-server.key > api-afd-server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ZH-CN
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GuangZhou
Locality Name (eg, city) []:Shenzhen
Organization Name (eg, company) [Internet Widgits Pty Ltd]:afd
Organizational Unit Name (eg, section) []:afd-yunbei
Common Name (e.g. server FQDN or YOUR name) []:afd-api
Email Address []:leeyisoft@qq.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:afd

生成證書

# 生成證書
# 這是用步驟1,2的的密鑰和證書請求生成證書server.crt，-days參數指明證書有效期，單位爲天
tools/servers » openssl req -x509 -days 365 -key api-afd-server.key -in api-afd-server.csr > api-afd-server.crt

windows 生成證書和密鑰

生成證書須要 openssl工具，我用的是 MINGW32

步驟1：生成密鑰

命令：openssl genrsa 1024 > server.key 說明：這是用128位rsa算法生成密鑰，獲得server.key文件

步驟2: 生成證書請求文件

命令：openssl req -config D:\work_soft\Apache2.2\conf\openssl.cnf -new -key server.key > server.csr 說明：這是用步驟1的密鑰生成證書請求文件server.csr, 這一步提不少問題，一一輸入

步驟3: 生成證書

命令：openssl req -config D:\work_soft\Apache2.2\conf\openssl.cnf -x509 -days 365 -key server.key -in server.csr > server.crt 說明：這是用步驟1,2的的密鑰和證書請求生成證書server.crt，-days參數指明證書有效期，單位爲天 把獲得的server.key和server.crt文件拷貝到apache的對應目錄

nginx https 配置

參考 http://nginx.org/cn/docs/http/configuring_https_servers.html#optimization

添加以下配置（完成後記得 reload nginx服務）：

server { 
listen 80;
listen 443 ssl;
ssl on;
server_name 127.0.0.1 192.168.1.202 myweb.name www.myweb.name; #可配置多個主機頭
ssl_certificate "/Users/leeyi/workspace/tools/servers/api-afd-server.crt";
ssl_certificate_key "/Users/leeyi/workspace/tools/servers/api-afd-server.key";
...
### 其餘代碼省略
}

配置apache

修改httpd-ssl.conf文件

注意在此文件中配置證書和密鑰

SSLCertificateFile /apache/conf/api-afd-server.crt
SSLCertificateKeyFile /apache/conf/api-afd-server.key

虛擬機設置

NameVirtualHost *:443
<VirtualHost *:443>
…………
</VirtualHost>

修改httpd.conf文件

步驟1：打開ssl模塊

LoadModule ssl_module /opt/taobao/install/httpd/modules/mod_ssl.so

步驟2：引入ssl配置文件

Include 「/apache/conf/httpd-ssl.conf」

步驟3：若是你配置的虛擬機，注意一下端口的訪問接受狀況

NameVirtualHost *:80
<VirtualHost *:80>
…………
</VirtualHost>
```
從新啓動apache
用https方式訪問，查看是否生效