Apache配置https,及多个https配置
1、单个https配置
检查相关依赖,如果没有就yum安装
yum install mod_ssl openssl
rpm -qa| grep mod_ssl
rpm -qa| grep openssl
安装完成后会生成一个
/etc/httpd/conf.d/ssl.conf文件
然后把申请的证书上传上去自定义一个目录
创建一个存放证书的目录
mkdir /etc/httpd/conf/ssl/
上传证书(证书我公司是阿里云申请的)
开始配置ssl.conf文件,对源文件做备份
开启你网站的目录
将servername设置为你的域名
注释掉原有的
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
开启ssl,设置为SSLHonorCipherOrder on
配置你证书路径
重启apache就好了!
如果访问时候没有权限就需要配置httpd.conf
测试访问:https://htcm-test.com ok
2、当一台服务器有多个域名配置https时,在ssl配置文件增加VirtualHost 就好,跟apache是一样的。
vim ssl.conf
#第一个https
<VirtualHost _default_:443>
#DocumentRoot "/var/www/html"
ServerName www.aaaaa.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProxyEngine on
# 添加 SSL 协议支持协议,去掉不安全的协议
SSLProtocol all -SSLv2 -SSLv3
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 证书
SSLCertificateFile /etc/httpd/conf/confluence/2054465_aaaa.com_public.crt
SSLCertificateKeyFile /etc/httpd/conf/confluence/2054465_aaaa.com.key
SSLCertificateChainFile /etc/httpd/conf/confluence/2054465_aaaa.com_chain.crt
</VirtualHost>
#第二个https
<VirtualHost _default_:443>
#DocumentRoot "/var/www/html"
ServerName www.aaaaa.com:443
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProxyEngine on
# 添加 SSL 协议支持协议,去掉不安全的协议
SSLProtocol all -SSLv2 -SSLv3
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 证书
SSLCertificateFile /etc/httpd/conf/confluence/2054465_aaaa.com_public.crt
SSLCertificateKeyFile /etc/httpd/conf/confluence/2054465_aaaa.com.key
SSLCertificateChainFile /etc/httpd/conf/confluence/2054465_aaaa.com_chain.crt
</VirtualHost>