• Configuring HTTPS/SSL for Apache Httpd on Mac



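    httpd version: httpd-2.4.17

    JDK version: jdk1.8.0_65

    References:

    Installing Apache Httpd on Mac

    Enabling SSL for Apache on Mac OS X - 再问天

    Installation and configuration

    First

    Following the blog post below, set up a single Httpd instance to serve as the target test environment for HTTPS: "./servers/cluster/httpd/node-a"

    Installing Apache Httpd on Mac

    Configuring the certificate

    1. Generate the host key

    First create a directory to hold the SSL key and certificate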

    :cluster Richard$ cd httpd/
    :httpd Richard$ ls
    httpd-2.4.17	node-a		node-b
    :httpd Richard$ mkdir keys
    :httpd Richard$ ls
    httpd-2.4.17	keys		node-a		node-b
    :httpd Richard$ cd keys
    

    Run the following in the target directory

    :keys Richard$ sudo openssl genrsa -des3 -out app.key 1024
    

    Result

    Generating RSA private key, 1024 bit long modulus
    ........++++++
    ................................++++++
    e is 65537 (0x10001)
    Enter pass phrase for app.key:
    Verifying - Enter pass phrase for app.key:	
    

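    2. Generate the signing request

    * Note: when prompted below for the server's domain name, do not use an IP address
    $ openssl req -new -key app.key -out app.csr
    

    Enter the parameters when prompted (the session recorded below used server.key as the key file name)

    Generating RSA private key, 1024 bit long modulus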
    ....................++++++
    .............++++++
    e is 65537 (0x10001)
    Enter pass phrase for server.key:
    Verifying - Enter pass phrase for server.key:
    :keys Richard$ openssl req -new -key server.key -out server.csr
    Enter pass phrase for server.key:
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:Shanghai
    Locality Name (eg, city) []:Shanghai
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:hoau.com
    Organizational Unit Name (eg, section) []:sso
    Common Name (e.g. server FQDN or YOUR name) []:proxy.sso.hoau.com
    Email Address []:admin@sso.hoau.com
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:Hoau123
    An optional company name []:hoau.com
    
    * Notes on the parameters above
    • First, enter the key used by the client (Hoau123):

        Enter pass phrase for server.key:
      
    • Domain name of the single sign-on server:

        Common Name (e.g. server FQDN or YOUR name) 			
        	[]:httpd-proxy1.sso.hoau.com
      
    • Company name:

        Organization Name (eg, company) 
        	[Internet Widgits Pty Ltd]:hoau.com
      
    • Single sign-on service name:

        Organizational Unit Name (eg, section) 
        	[]: sso
      
    • Location and country:

        State or Province Name (full name) 
        	[Some-State]: Shanghai
        Locality Name (eg, city) 
        	[]: Shanghai
        Country Name (2 letter code) 
        	[AU]: CN		
      

    3. Generate the server's private key

    $ openssl rsa -in app.key -out server.key
    

    4. Generate the signed certificate for the web server

    $ sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt
    

    At this point, 4 files have been generated in total
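
    Steps 1-4 above as a non-interactive script, followed by a check that server.crt really belongs to server.key; this is an added example, not part of the original post. Assumptions: the pass phrase is a constructed placeholder, the key is 2048-bit RSA encrypted with AES-256 (1024-bit RSA as used above is below today's 2048-bit minimum), a subjectAltName is added, and OpenSSL 1.1.1 or later is installed for -addext.

```shell
#!/bin/sh
# Added example (not from the original post): steps 1-4 run non-interactively,
# then the key/certificate pair is verified before it is handed to httpd.
# Assumptions: constructed pass phrase, 2048-bit RSA, AES-256 key encryption.
PASS='constructed-example-passphrase'    # constructed value, not the post's
SUBJ='/C=CN/ST=Shanghai/L=Shanghai/O=hoau.com/OU=sso'

make_cert() {     # usage: make_cert <dir> <fqdn>
    dir=$1; cn=$2
    # Step 1: pass-phrase-protected host key
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$dir/app.key" 2048 2>/dev/null
    # Step 2: signing request; the CN must be a host name, not an IP address
    openssl req -new -key "$dir/app.key" -passin "pass:$PASS" \
        -subj "$SUBJ/CN=$cn" -out "$dir/app.csr"
    # Step 3: unencrypted copy of the key so httpd can start unattended
    openssl rsa -in "$dir/app.key" -passin "pass:$PASS" -out "$dir/server.key" 2>/dev/null
    chmod 600 "$dir/server.key"
    # Step 4: self-signed certificate; the SAN entry is what browsers match on
    openssl req -new -x509 -days 3650 -key "$dir/server.key" \
        -subj "$SUBJ/CN=$cn" -addext "subjectAltName=DNS:$cn" -out "$dir/server.crt"
}

pair_matches() {  # succeeds when the certificate was issued for this private key
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

key_bits() {      # RSA modulus size recorded in the certificate
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

workdir=$(mktemp -d)
make_cert "$workdir" proxy.sso.hoau.com
pair_matches "$workdir/server.key" "$workdir/server.crt" && echo "key and certificate match"
echo "key size: $(key_bits "$workdir/server.crt") bits"
```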

    Configuring the server

    1. httpd.conf configuration

    #### Richard SSL enable cache
    LoadModule cache_module modules/mod_cache.so
    #LoadModule cache_disk_module modules/mod_cache_disk.so
    LoadModule cache_socache_module modules/mod_cache_socache.so
    LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    

    2. httpd-ssl.conf configuration

    • Port

        Listen 441 https
      
    • VirtualHost port

        <VirtualHost _default_:441>
      
        #   General setup for the virtual host
        DocumentRoot "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/htdocs"
        ServerName www.example.com:441
        ServerAdmin you@example.com
        ErrorLog "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/logs/error_log"
        TransferLog "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/logs/access_log"
      
    • SSLCertificateKeyFile path

        SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.key"
        #SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server.key"
        #SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-dsa.key"
        #SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-ecc.key"
      
    • SSLCertificateFile path

        SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.crt"
        #SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server.crt"
        #SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-dsa.crt"
        #SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-ecc.crt"
      
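    * Note: if the error ssl_error_rx_record_too_long appears, the port is probably misconfigured; check the port settings in the default Listen and VirtualHost directives above

    Running

    Run the command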

    httpd Richard$ sudo ./node-a/bin/httpd -f /Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/httpd.conf -k start
    

    If the following error is reported

    SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).	
    

    then check the Cache-related configuration in httpd.conf

    Testing

    Open https://proxy.sso.hoau.com:441 in a browser, and the result page is displayed

    End

  • Original article: https://www.cnblogs.com/richaaaard/p/5051209.html