Apache 搭建HTTPS Virtual Host

時間 2019-11-12

標籤 apache 搭建 https virtual host 欄目 Apache 简体版

原文原文鏈接

Apache 搭建HTTPS Virtual Host

html

1.建立SSL證書node

首先須要安裝openssl，linux系統默認已安裝，如沒有則用如下命令安裝：linux

sudo apt-get install openssl
sudo apt-get install libssl-dev

建立證書：

cd /etc/ssl/private
sudo openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout demo.key -out demo.crt

參數說明：

-x509 顯示證書和簽名工具git

-days 證書的有效期算法

-sha1 證書加密算法ubuntu

-newkey rsa:1024 建立一個新key,1024表示公鑰長度爲1024bitsapp

命令執行完會建立demo.key與demo.crtide

更多參數說明能夠參考：http://www.openssl.org/docs/apps/openssl.html工具

建立步驟：ui

root@ubuntu:/etc/ssl/private# sudo openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 -nodes -keyout demo.key -out demo.crt
Generating a 1024 bit RSA private key
.......++++++
...........++++++
writing new private key to 'demo.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GD
Locality Name (eg, city) []:GZ
Organization Name (eg, company) [Internet Widgits Pty Ltd]:fdipzone.Ltd
Organizational Unit Name (eg, section) []:test         
Common Name (eg, YOUR name) []:demo.fdipzone.com
Email Address []:fdipzone@gmail.com
root@ubuntu:/etc/ssl/private#

須要填寫的項目：

Country Name (2 letter code) [AU]: 國家
State or Province Name (full name) [Some-State]:省份
Locality Name (eg, city) []:城市
Organization Name (eg, company) [Internet Widgits Pty Ltd]:公司名稱
Organizational Unit Name (eg, section) []: 組織單位名稱
Common Name (eg, YOUR name) []: 填寫域名
Email Address []:電郵地址

2.建立Virtual Host

<VirtualHost *:443>
    DocumentRoot /home/fdipzone/demo
    ServerName demo.fdipzone.com

    <Directory "/home/fdipzone/demo">
    allow from all
    AllowOverride all
    Options -Indexes FollowSymLinks
    </Directory>

    SSLEngine on
    SSLCertificateFile /etc/ssl/private/demo.crt
    SSLCertificateKeyFile /etc/ssl/private/demo.key
    SSLCipherSuite AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
    SSLHonorCipherOrder on
</VirtualHost>

開啓SSL Engine及設置使用的證書，端口443
SSLEngine on
SSLCertificateFile /etc/ssl/private/demo.crt
SSLCertificateKeyFile /etc/ssl/private/demo.key