Unix/Linux 生成证书和密钥

确认是否安装ssl模块，是否有mod_ssl.so文件

生成密钥

# 生成密钥# 这是用128位rsa算法生成密钥，得到 api-afd-server.key 文件tools/servers » openssl genrsa 1024 >api-afd-server.keyGenerating RSA private key, 1024 bit long modulus...................++++++.............++++++e is 65537 (0x10001)

生成证书请求文件

# 生成证书请求文件# 这是用步骤1的密钥生成证书请求文件server.csr, 这一步提很多问题，一一输入tools/servers » openssl req -new -key api-afd-server.key > api-afd-server.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:ZH-CNstring is too long, it needs to be less than  2 bytes longCountry Name (2 letter code) [AU]:CNState or Province Name (full name) [Some-State]:GuangZhouLocality Name (eg, city) []:ShenzhenOrganization Name (eg, company) [Internet Widgits Pty Ltd]:afdOrganizational Unit Name (eg, section) []:afd-yunbeiCommon Name (e.g. server FQDN or YOUR name) []:afd-apiEmail Address []:leeyisoft@qq.comPlease enter the following 'extra' attributesto be sent with your certificate requestA challenge password []:123456An optional company name []:afd

生成证书

# 生成证书# 这是用步骤1,2的的密钥和证书请求生成证书server.crt，-days参数指明证书有效期，单位为天tools/servers » openssl req -x509 -days 365 -key api-afd-server.key -in api-afd-server.csr > api-afd-server.crt

windows 生成证书和密钥

生成证书需要 openssl工具，我用的是 MINGW32

步骤1：生成密钥

命令：openssl genrsa 1024 > server.key 说明：这是用128位rsa算法生成密钥，得到server.key文件

步骤2: 生成证书请求文件

命令：openssl req -config D:\work_soft\Apache2.2\conf\openssl.cnf -new -key server.key > server.csr 说明：这是用步骤1的密钥生成证书请求文件server.csr, 这一步提很多问题，一一输入

步骤3: 生成证书

命令：openssl req -config D:\work_soft\Apache2.2\conf\openssl.cnf -x509 -days 365 -key server.key -in server.csr > server.crt 说明：这是用步骤1,2的的密钥和证书请求生成证书server.crt，-days参数指明证书有效期，单位为天 把得到的server.key和server.crt文件拷贝到apache的对应目录

nginx https 配置

参考

添加如下配置（完成后记得 reload nginx服务）：

server { listen 80;listen 443 ssl;ssl on;server_name 127.0.0.1 192.168.1.202 myweb.name www.myweb.name; #可配置多个主机头ssl_certificate "/Users/leeyi/workspace/tools/servers/api-afd-server.crt";ssl_certificate_key "/Users/leeyi/workspace/tools/servers/api-afd-server.key";...### 其他代码省略}

配置apache

修改httpd-ssl.conf文件

注意在此文件中配置证书和密钥

SSLCertificateFile /apache/conf/api-afd-server.crtSSLCertificateKeyFile /apache/conf/api-afd-server.key

虚拟机设置

NameVirtualHost *:443
    
     …………
    

修改httpd.conf文件

步骤1：打开ssl模块

LoadModule ssl_module /opt/taobao/install/httpd/modules/mod_ssl.so

步骤2：引入ssl配置文件

Include “/apache/conf/httpd-ssl.conf”

步骤3：如果你配置的虚拟机，注意一下端口的访问接受情况

NameVirtualHost *:80
    
     …………
    ```重新启动apache用https方式访问，查看是否生效