1.安裝apache2

     sudo apt-get install apache2

2.啟用SSL模組

     sudo a2enmod ssl

     訊息如下:

     Enabling module ssl.
     See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
     To activate the new configuration, you need to run:
     service apache2 restart


3.重新啟動apache2

     sudo service apache2 restart

4.建立存放金鑰相關資料的目錄

     sudo mkdir /etc/apache2/ssl

5.建立金鑰

    金鑰的有效期限是365天   

     sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

 

     接著會要求填入資料

    Country Name (2 letter code):TW

      State or Province Name (full name) [Some-State]: Taiwan Republic Of China

     Locality Name (eg, city) []:Taipei

     Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company Name

     Organizational Unit Name (eg, section) []:Sys-Net

     Common Name (e.g. server FQDN or YOUR name) []:serverName.example.com

     Email Address []:root@example.com

6.設定apache

     sudo gedit /etc/apache2/sites-available/default

     假設原內容如下

          <VirtualHost *:80>
             ServerAdmin webmaster@localhost

            DocumentRoot /var/www
            <Directory />
              Options FollowSymLinks
              AllowOverride None
            </Directory>
            <Directory /var/www/>
               Options Indexes FollowSymLinks MultiViews
               AllowOverride None
               Order allow,deny
               allow from all
           </Directory>

          ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
          <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
         </Directory>

         ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
          Options Indexes MultiViews FollowSymLinks
          AllowOverride None
          Order deny,allow
          Deny from all
          Allow from 127.0.0.0/255.0.0.0 ::1/128
       </Directory>

     </VirtualHost>

 

    將其複製並於檔案最下貼上複製內容,並修改為紅字顯示的內容

      <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        ServerName example.com:443
        DocumentRoot /var/www
        <Directory />
          Options FollowSymLinks
          AllowOverride None
       </Directory>
       <Directory /var/www/>
         Options Indexes FollowSymLinks MultiViews
         AllowOverride None
         Order allow,deny
         allow from all
      </Directory>

      ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
      <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
      </Directory>

      #   SSL Engine Switch:
      #   Enable/Disable SSL for this virtual host.
      SSLEngine on

      #   A self-signed (snakeoil) certificate can be created by installing
      #   the ssl-cert package. See
      #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
      #   If both key and certificate are stored in the same file, only the
      #   SSLCertificateFile directive is needed.    
      SSLCertificateFile /etc/apache2/ssl/apache.crt
      SSLCertificateKeyFile /etc/apache2/ssl/apache.key

      ErrorLog ${APACHE_LOG_DIR}/error.log

      # Possible values include: debug, info, notice, warn, error, crit,
      # alert, emerg.
      LogLevel warn

      CustomLog ${APACHE_LOG_DIR}/access.log combined

      Alias /doc/ "/usr/share/doc/"
      <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
      </Directory>

    </VirtualHost>

 7.重新啟動apache

       sudo service apache2 restart

 

上方設定可使您的網站可使用http或https登入

若需強迫使用https連結您的網站

可刪除以下區段文字

<VirtualHost *:80>

...

</VirtualHost>

並保留以下區段文字

 

<VirtualHost *:443>

 

...

 

</VirtualHost>

 

參考資料

https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04

http://www.weithenn.org/cgi-bin/wiki.pl?SSL_Certificate-%E8%87%AA%E8%A1%8C%E7%94%A2%E7%94%9F_SSL_%E6%86%91%E8%AD%89

, , ,

K 發表在 痞客邦 PIXNET 留言(0) 人氣()