Configuring HTTPS/SSL for Apache Httpd on Mac
httpd version: httpd-2.4.17
jdk version: jdk1.8.0_65
Reference source:
Installation and configuration
First, following the referenced blog post, set up a single Httpd instance as the target test environment for https: "./servers/cluster/httpd/node-a"
Configuring the certificate
1. Generate the host key
First create a directory to hold the ssl key and certificate
:cluster Richard$ cd httpd/
:httpd Richard$ ls
httpd-2.4.17 node-a node-b
:httpd Richard$ mkdir keys
:httpd Richard$ ls
httpd-2.4.17 keys node-a node-b
:httpd Richard$ cd keys
Run the following in the target directory
:keys Richard$ sudo openssl genrsa -des3 -out server.key 1024
Result
Generating RSA private key, 1024 bit long modulus
........++++++
................................++++++
e is 65537 (0x10001)
Enter pass phrase for app.key:
Verifying - Enter pass phrase for app.key:
2. Generate the signing request
* Note: when prompted for the server domain name below, do not use an IP address
$ openssl req -new -key app.key -out app.csr
Enter the parameters as prompted
Generating RSA private key, 1024 bit long modulus
....................++++++
.............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
:keys Richard$ openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hoau.com
Organizational Unit Name (eg, section) []:sso
Common Name (e.g. server FQDN or YOUR name) []:proxy.sso.hoau.com
Email Address []:admin@sso.hoau.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Hoau123
An optional company name []:hoau.com
* Notes on the parameters asked for above
-
First, enter the passphrase for the key used by the client (Hoau123):
Enter pass phrase for server.key:
-
Domain name of the single sign-on server:
Common Name (e.g. server FQDN or YOUR name) []:httpd-proxy1.sso.hoau.com
-
Company name:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hoau.com
-
Single sign-on service name:
Organizational Unit Name (eg, section) []: sso
-
Location and country:
State or Province Name (full name) [Some-State]: Shanghai
Locality Name (eg, city) []: Shanghai
Country Name (2 letter code) [AU]: CN
3. Generate the server's private key (the passphrase is removed so httpd can start without prompting)
$ openssl rsa -in app.key -out server.key
4. Generate the self-signed certificate for the web server
$ sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt
At this point, 4 files have been generated in total
Configuring the server
1. httpd.conf configuration
#### Richard SSL enable cache
LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cache_socache_module modules/mod_cache_socache.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
2. httpd-ssl.conf configuration
-
Port
Listen 441 https
-
VirtualHost port
<VirtualHost _default_:441>
# General setup for the virtual host
DocumentRoot "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/htdocs"
ServerName www.example.com:441
ServerAdmin you@example.com
ErrorLog "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/logs/error_log"
TransferLog "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/logs/access_log"
-
SSLCertificateKeyFile path (the private key from step 3; the original entries, which mistakenly repeated the SSLCertificateFile lines, are corrected here)
SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.key"
#SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server.key"
#SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-dsa.key"
#SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-ecc.key"
-
SSLCertificateFile path (the certificate from step 4)
SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.crt"
#SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server.crt"
#SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-dsa.crt"
#SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-ecc.crt"
* Note: if the browser reports the error ssl_error_rx_record_too_long, the port is probably misconfigured; check that the port in the Listen line and the port in the VirtualHost block above match
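The four openssl steps above and the Listen/VirtualHost port check from the note, as an added shell example that is not part of the original post. It assumes openssl and sed are on PATH; the output directory, the passphrase "changeit" and the O= value are placeholders, and the port check handles the plain "Listen PORT" form used in this post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl and sed are on PATH;
# paths, the passphrase "changeit" and the O= value are placeholders.
set -eu

# Steps 1-4 of the post, non-interactively: passphrase-protected key, CSR,
# passphrase-free server key, self-signed certificate. $1 = output dir, $2 = CN.
gen_selfsigned() {
  dir=$1; cn=$2; subj="/C=CN/ST=Shanghai/L=Shanghai/O=example.com/OU=sso/CN=$cn"
  mkdir -p "$dir"
  # The post uses 1024 bits; 2048 is the smallest size still considered acceptable.
  openssl genrsa -des3 -passout pass:changeit -out "$dir/app.key" 2048 2>/dev/null
  # CN must be a host name, not an IP address, as the post notes.
  openssl req -new -key "$dir/app.key" -passin pass:changeit -subj "$subj" \
    -out "$dir/app.csr" 2>/dev/null
  # Strip the passphrase so httpd can start without prompting.
  openssl rsa -in "$dir/app.key" -passin pass:changeit -out "$dir/server.key" 2>/dev/null
  # Self-signed certificate valid for 3650 days.
  openssl req -new -x509 -days 3650 -key "$dir/server.key" -subj "$subj" \
    -out "$dir/server.crt" 2>/dev/null
}

# Succeeds only if the certificate's public key belongs to the private key
# (same RSA modulus); run this before pointing SSLCertificate*File at the files.
key_matches_cert() {
  k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null)
  c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints the CN of a certificate (works with both "CN=x" and "CN = x" subject styles).
cert_cn() {
  openssl x509 -noout -subject -in "$1" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# Succeeds only if every <VirtualHost _default_:PORT> uses the port of the first
# "Listen PORT" line; a mismatch is the usual cause of ssl_error_rx_record_too_long.
ports_consistent() {
  listen=$(sed -n 's/^[[:space:]]*Listen[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
  [ -n "$listen" ] || return 1
  for p in $(sed -n 's/^[[:space:]]*<VirtualHost[^:>]*:\([0-9][0-9]*\)>.*/\1/p' "$1"); do
    [ "$p" = "$listen" ] || return 1
  done
  return 0
}
```

Typical use: gen_selfsigned ./keys proxy.sso.hoau.com, then key_matches_cert ./keys/server.key ./keys/server.crt and ports_consistent node-a/conf/extra/httpd-ssl.conf before starting httpd.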
Running
Run the command
httpd Richard$ sudo ./node-a/bin/httpd -f /Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/httpd.conf -k start
If the following error appears
SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
then check the Cache-related configuration in httpd.conf
Testing
Visit https://proxy.sso.hoau.com:441 in a browser and the result will appear