Create the directory and enable the ssl module:
a2enmod ssl
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl/
Generate the private key and the certificate request:
openssl req -new >new.cert.csr
Generating a 1024 bit RSA private key
................++++++
.++++++
writing new private key to 'privkey.pem'
Enter PEM pass phrase: супер-пупер-пароль
Verifying - Enter PEM pass phrase: супер-пупер-пароль
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:код_вашей_страны
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:адрес.сом
Organizational Unit Name (eg, section) []:адрес.сом
Common Name (eg, YOUR name) []:tsv
Email Address []:емыл@адрес.сом
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:супер-пупер-пароль
An optional company name []:адрес.сом
Next, remove the passphrase from the key:
openssl rsa -in privkey.pem -out new.cert.key
Enter pass phrase for privkey.pem:супер-пупер-пароль
writing RSA key
Next, self-sign the certificate:
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1825
Next, copy the certificate and the key into place:
cp new.cert.cert /etc/ssl/certs/server.crt
cp new.cert.key /etc/ssl/private/server.key
Now set up the virtual host:
cp /etc/apache2/sites-available/какойто-виртуалхост.адрес.сом /etc/apache2/sites-available/ssl-какойто-виртуалхост.адрес.сом
Open it for editing:
vim /etc/apache2/sites-available/ssl-какойто-виртуалхост.адрес.сом
and add the following lines:
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
Next, enable the virtual host and restart apache2:
a2ensite ssl-какойто-виртуалхост.адрес.сом
/etc/init.d/apache2 restart
That's all.
P.S.
If you get an error, check that /etc/apache2/ports.conf contains the following:
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443
If it is missing, add it and restart apache2.
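A preflight check to run before restarting apache2, covering the P.S. case (no active Listen 443) and the vhost lines added above. This is an added example, not part of the original post: the helper names check_ssl_vhost, directive_value and make_sample are hypothetical, and the sample files are constructed placeholders.

```shell
# Added example: preflight for the SSL vhost described on this page (hypothetical helpers).

# Print the first argument of an active (uncommented) directive in a config file.
directive_value() {  # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Usage: check_ssl_vhost PORTS_CONF VHOST_FILE
# Prints one line per problem and returns the number of problems found.
check_ssl_vhost() {
    ports=$1; vhost=$2; problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # The P.S. case: accepts "Listen 443", "Listen 0.0.0.0:443", "Listen 443 https".
    awk 'tolower($1) == "listen" && $2 ~ /(^|:)443$/ { ok = 1 } END { exit !ok }' "$ports" ||
        fail "no active 'Listen 443' in $ports"

    [ "$(directive_value SSLEngine "$vhost" | tr 'A-Z' 'a-z')" = on ] ||
        fail "SSLEngine is not on in $vhost"

    cert=$(directive_value SSLCertificateFile "$vhost")
    key=$(directive_value SSLCertificateKeyFile "$vhost")
    { [ -n "$cert" ] && [ -r "$cert" ]; } || fail "certificate missing or unreadable: $cert"
    if [ -n "$key" ] && [ -r "$key" ]; then
        # A passphrase-protected key makes Apache prompt at start-up ('openssl rsa' removes it).
        if grep -q ENCRYPTED "$key"; then fail "key is still passphrase-protected: $key"; fi
        # The unencrypted key must not be readable by group or others.
        [ -z "$(find "$key" \( -perm -040 -o -perm -004 \))" ] ||
            fail "key is readable by group or others: $key"
    else
        fail "key missing or unreadable: $key"
    fi
    return "$problems"
}

# Constructed sample files (placeholders, not real key material).
make_sample() {  # $1 = existing directory
    printf '# no NameVirtualHost statement here\nListen 443\n' > "$1/ports.conf"
    echo '-----BEGIN CERTIFICATE-----' > "$1/server.crt"
    echo '-----BEGIN RSA PRIVATE KEY-----' > "$1/server.key"
    chmod 600 "$1/server.key"
    printf 'SSLEngine on\nSSLOptions +StrictRequire\nSSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$1/server.crt" "$1/server.key" > "$1/vhost"
}

d=$(mktemp -d)
make_sample "$d"
check_ssl_vhost "$d/ports.conf" "$d/vhost" && echo "preflight OK"
rm -rf "$d"
```

On a real host, pass /etc/apache2/ports.conf and the ssl- vhost file from sites-available as the two arguments.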