linux°²×°apacheÖ§³Öhttps£¨ssl£©

Èí¼þ»·¾³
debian 5.0
Apache Httpd 2.0.63 (http://httpd.apache.org
)
OpenSSL 0.9.81 (http://www.openssl.org/source
)
SSL-Tools (http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz
)
°²×°²½Öè(ËùÓвÙ×÷ʹÓÃrootÓû§½øÐÐ)£º
1. OpenSSL
#tar zxvf openssl-0.9.81.tar.gz
#cd openssl-0.9.81
#./config
#make
#make install
´Ë¾Ù½«°²×°×îеÄOpenSSLµ½/usr/local/sslĿ¼ÖУ¬ÎÞÐèÀí»áϵͳÖÐÒÑÓа汾µÄOpenSSL£¬Ò²²»ÒªÈ¥Ð¶ÔØËü£¬·ñÔò»áµ¼ÖºܶàµÄÓ¦ÓóÌÐòÎÞ·¨Õý³£Ö´ÐУ¬ÀýÈçX´°¿ÚÎÞ·¨½øÈëµÈ´íÎó¡£
2. Apache Httpd
#tar zxvf httpd-2.0.63.tar.gz
#cd httpd-2.0.63
#./configure --prefix=/usr/local/apache/httpd --enable-ssl=static --with-ssl=/usr/local/ssl
#make
#make install
´Ë²½ÖèÔÚ/apache/httpdĿ¼Öа²×°httpd·þÎñ(ͨ¹ý²ÎÊý--prefixÖ¸¶¨)£¬Í¬Ê±Ê¹ÓÃ--with-sslÖ¸¶¨¸Õ²ÅËù°²×°OpenSSLµÄ·¾¶£¬ÓÃÓÚ½«mod_ssl¾²Ì¬µÄ±àÒëµ½httpd·þÎñÖС£
3.ÖÆ×÷Ö¤Êé
ÎÒÃDZØÐëÊÖ¹¤À´Éú³ÉSSLÓõ½µÄÖ¤Ê飬¶ÔÖ¤Êé²»ÊìϤµÄÈË£¬ÓÐÒ»¸ö¹¤¾ß¿ÉÒÔʹÓãºhttp://www.openssl.org/contrib/ssl.ca-0.1.tar.gz
 ¡£ÏÂÃæÊÇÈçºÎͨ¹ýÕâ¸ö¹¤¾ßÀ´Éú³ÉÖ¤ÊéµÄ¹ý³Ì£º
#cp ssl.ca-0.1.tar.gz /usr/local/apache/httpd/conf
#cd /usr/local/apache/conf
#tar zxvf ssl.ca-0.1.tar.gz
#cd ssl.ca-0.1
#./new-root-ca.sh (Éú³É¸ùÖ¤Êé)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key: (ÊäÈëÒ»¸öÃÜÂë)
Verifying - Enter pass phrase for ca.key: (ÔÙÊäÈëÒ»´ÎÃÜÂë)
......
Self-sign the root CA... (Ç©Êð¸ùÖ¤Êé)
Enter pass phrase for ca.key: (ÊäÈë¸Õ¸ÕÉèÖõÄÃÜÂë)
........
........ (ÏÂÃ濪ʼǩÊð)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:GanSu//ËæÄãϲ»¶
Locality Name (eg, city) [Sitiawan]:LanZhou//ËæÄãϲ»¶
Organization Name (eg, company) [My Directory Sdn Bhd]:lzu//ËæÄãϲ»¶
Organizational Unit Name (eg, section) [Certification Services Division]:lzu//ËæÄãϲ»¶
Common Name (eg, MD Root CA) []:dslab//ËæÄãϲ»¶
Email Address []:sunyanmeng@gmail.com//ËæÄãϲ»¶
ÕâÑù¾ÍÉú³ÉÁËca.keyºÍca.crtÁ½¸öÎÄ