July 17, 2013
 

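Download the certificate archive, which contains the CA root certificate and the server certificate.

The key file used for the certificate request.

Edit the Apache configuration files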

[root@pfx ~]# cd /usr/local/apache/conf/
[root@pfx conf]# vi httpd.conf

[root@pfx conf]# cd extra/
[root@pfx extra]# vi httpd-ssl.conf

Server certificate
SSLCertificateFile "/usr/local/apache/conf/server.crt"
#SSLCertificateFile "/usr/local/apache/conf/server-dsa.crt"

SSLCertificateFile "/usr/local/apache/conf/sample.com.crt"

Server private key file
SSLCertificateKeyFile "/usr/local/apache/conf/server.key"
#SSLCertificateKeyFile "/usr/local/apache/conf/server-dsa.key"

SSLCertificateKeyFile "/usr/local/apache/conf/sample.com.key"
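
Added example, not part of the original post: a shell check to run before restarting Apache. It reads the active SSLCertificateFile and SSLCertificateKeyFile directives from a config file and reports whether each file exists, whether the key is readable by group or others, and whether it is pass-phrase encrypted. The function names and the sample files built in demo() are constructed for illustration.

```shell
# Added example: audit the active certificate/key directives in httpd-ssl.conf.

# Print "Directive<TAB>path" for each uncommented directive, quotes stripped.
# Assumption: paths contain no spaces.
ssl_paths() {
    awk '$1 == "SSLCertificateFile" || $1 == "SSLCertificateKeyFile" {
             p = $2; gsub(/^"|"$/, "", p); print $1 "\t" p }' "$1"
}

# Print "<perm> <state>" for a key file: perm is ok/loose-perms,
# state is encrypted/plaintext; prints "missing" if the file is absent.
key_status() {
    key=$1
    [ -f "$key" ] || { echo "missing"; return 0; }
    perm=ok
    # Columns 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || perm=loose-perms
    # Pass-phrase-protected PEM keys carry one of these markers (mod_ssl then prompts).
    if grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$key"; then
        echo "$perm encrypted"
    else
        echo "$perm plaintext"
    fi
}

audit_ssl_conf() {
    ssl_paths "$1" | while IFS="$(printf '\t')" read -r directive path; do
        case $directive in
            SSLCertificateFile)
                if [ -f "$path" ]; then echo "cert $path: present"
                else echo "cert $path: missing"; fi ;;
            SSLCertificateKeyFile)
                echo "key  $path: $(key_status "$path")" ;;
        esac
    done
}

# Constructed sample: header-only stand-in for a key, no real key material.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$d/sample.com.key"
    chmod 644 "$d/sample.com.key"; : > "$d/sample.com.crt"
    printf '%s\n' "#SSLCertificateKeyFile \"$d/server-dsa.key\"" \
        "SSLCertificateFile \"$d/sample.com.crt\"" \
        "SSLCertificateKeyFile \"$d/sample.com.key\"" > "$d/httpd-ssl.conf"
    audit_ssl_conf "$d/httpd-ssl.conf"
    rm -rf "$d"
}
if [ $# -gt 0 ]; then audit_ssl_conf "$1"; else demo; fi
```

Pass the path to httpd-ssl.conf as the first argument to audit a real configuration; with no argument it runs the constructed demo.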

 

Restart Apache

Check the syntax
[root@pfx extra]# apachectl -t
Syntax error on line 56 of /usr/local/apache/conf/extra/httpd-ssl.conf:
Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration
[root@pfx extra]#

Check whether the mod_ssl module is loaded
[root@pfx extra]# apachectl -l |grep ssl
[root@pfx extra]#

View Apache's SSL-related configure options
[root@pfx httpd-2.2.24]# ./configure --help |grep ssl
--enable-ssl SSL/TLS support (mod_ssl)
--enable-distcache Select distcache support in mod_ssl
--with-sslport=SSLPORT Port on which to securelisten (default is 443)
--with-sslc=DIR RSA SSL-C SSL/TLS toolkit
--with-ssl=DIR OpenSSL SSL/TLS toolkit
[root@pfx httpd-2.2.24]#

View the build options of the currently installed Apache

Recompile and reinstall Apache

[root@pfx httpd-2.2.24]# ./configure --prefix=/usr/local/apache \
> --enable-so --enable-rewrite --enable-ssl
[root@pfx httpd-2.2.24]# make

[root@pfx httpd-2.2.24]# make install

[root@pfx httpd-2.2.24]# /usr/local/apache2/bin/apachectl -l |grep ssl
mod_ssl.c
[root@pfx httpd-2.2.24]#
[root@pfx httpd-2.2.24]# netstat -lutn |grep 80
tcp 0 0 :::80 :::* LISTEN
[root@pfx httpd-2.2.24]#
[root@pfx httpd-2.2.24]# apachectl stop
[root@pfx httpd-2.2.24]# mv /usr/local/apache/ /usr/local/apache2

—————————————————
Listen 80

LoadModule php5_module modules/libphp5.so

User apache
Group apache
ServerName 192.168.197.15:80

DirectoryIndex index.html index.php

AddType application/x-httpd-php .php

Alias /pa "/usr/local/postfixadmin"

<Directory "/usr/local/postfixadmin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
—————————————————
[root@pfx extra]# apachectl start
Apache/2.2.24 mod_ssl/2.2.24 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
[root@pfx extra]#
Force SSL

RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]

[root@pfx conf]# apachectl stop
[root@pfx conf]# apachectl start
Apache/2.2.24 mod_ssl/2.2.24 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
[root@pfx conf]#

Redirect directly to mail.linuxcache.com
RewriteEngine On
RewriteRule ^(.*)$ https://mail.linuxcache.com/$1 [R,L]
