标题:生成apache证书(https应用) 出处:运维进行时 时间:Tue, 14 Aug 2007 21:44:26 +0000 作者: 地址:https://blog.liuts.com/post/5/ 内容: # cd /usr/local/apache2/conf # tar zxvf ssl.ca-0.1.tar.gz # cd ssl.ca-0.1 生成根证书: # ./new-root-ca.sh (生成根证书) No Root CA key round. Generating one Generating RSA private key, 1024 bit long modulus ...........................++++++ ....++++++ e is 65537 (0x10001) Enter pass phrase for ca.key: (输入一个密码) Verifying - Enter pass phrase for ca.key: (再输入一次密码) ...... Self-sign the root CA... (签署根证书) Enter pass phrase for ca.key: (输入刚刚设置的密码) ........ ........ (下面开始签署) Country Name (2 letter code) [MY]:CN State or Province Name (full name) [Perak]:HaiNan Locality Name (eg, city) [Sitiawan]:HaiKou Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd Organizational Unit Name (eg, section) [Certification Services Division]:ACSTAR Common Name (eg, MD Root CA) []:WISCOM CA Email Address []:acmail@wiscom.com.cn 这样就生成了ca.key和ca.crt两个文件,下面还要为我们的服务器生成一个证书: 生成server证书: # ./new-server-cert.sh server (这个证书的名字是server) ...... ...... Country Name (2 letter code) [MY]:CN State or Province Name (full name) [Perak]:HaiNan Locality Name (eg, city) [Sitiawan]:HaiKou Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd Organizational Unit Name (eg, section) [Secure Web Server]:ACSTAR Common Name (eg, www.domain.com) []:acmail.wiscom.com.cn Email Address []:acmail@wiscom.com.cn 这样就生成了server.csr和server.key这两个文件。 签署server证书: # ./sign-server-cert.sh server CA signing: server.csr -> server.crt: Using configuration from ca.config Enter pass phrase for ./ca.key: (输入上面设置的根证书密码) Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'CN' stateOrProvinceName :PRINTABLE:'JiangSu' localityName :PRINTABLE:'NanJing' organizationName :PRINTABLE:'Wiscom System Co.,Ltd' organizationalUnitName:PRINTABLE:'ACSTAR' commonName :PRINTABLE:'acmail.wiscom.com.cn' emailAddress :IA5STRING:'acmail@wiscom.com.cn' Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y Write out database with 1 new entries Data Base Updated CA verifying: server.crt CA cert server.crt: OK (如果这里出现错误,最好重新来过,删除ssl.ca-0.1这个目录,从解压缩处重新开始。) 下面要按照ssl.conf里面的设置,将证书放在适当的位置。 引用 # chmod 400 server.key # cd .. # mkdir ssl.key # mv ssl.ca-0.1/server.key ssl.key # mkdir ssl.crt # mv ssl.ca-0.1/server.crt ssl.crt 然后就可以启动啦! 引用 # cd /usr/local/apache2 # ./bin/apachectl startssl Generated by Bo-blog 2.1.1 Release