环境是:debian7+apache2.2+阿里云免费ssl服务,站点以前的http已经在运行了,
1、开通阿里云免费SSL&DNS解析配置
购买位置:打开阿里云找到“产品”-“安全”-“CA证书服务”-点击“立即购买”;
选择方法:证书类型选择”专业版OV SSL”->”1个域名”->”Symantec”(这里选择完成后上面证书类型出现了“免费型DV SSL”)->证书类型选择”免费型DV SSL”->然后继续购买就可以了;
域名验证类型:一路点击后来到后台中的CA证书服务(也可以自己从阿里后台找),在”进度”栏目中有”补全”,点击”补全”,一直输入一直往下点击,直到有个”域名验证类型”,这里选择DNS。
全部填写完成后等待一会就开通了。
DNS解析配置:紧接上步,开通成功会有要求添加txt的解析记录,解析记录的值也会给你,然后去添加
2、开启Apache的SSL
找到/etc/apache2/mods-enable文件夹,里边有很多模块,打开文件ssl.load:
#LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so去掉#
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so执行命令,必须要执行
a2enmod sslapache中开启端口监听:打开/etc/apache2/ports.conf,在Listen 443上面添加NameVirtualHost *:443
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change # the VirtualHost statement in /etc/apache2/sites-available/default-ssl # to <VirtualHost *:443> # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. NameVirtualHost *:443 Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>服务器防火墙入口端口添加443
3、上传证书&修改配置文件
去阿里云后台”CA证书服务”中找,找到后解压上传到/etc/apacahe2/ssl/domainname/中(domainname可以是网站名称),目录中有:123456789012345.key,123456789012345.pem,chain.pem,public.pem
打开/etc/apache2/sites-enable文件夹,找到需要配置的网站配置文件,这里我就以domainname.conf为例,很简单就是把原来的VirtualHost复制一下,修改一下端口号,然后添加SSLEngine部分的信息,代码如下:
<VirtualHost *:80>
ServerName domainname.com
ServerAlias domainname.com
DocumentRoot /www/domainname <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /www/domainname/> Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> </VirtualHost> <VirtualHost *:443> ServerName domainname.com443 ServerAlias domainname.com SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM SSLHonorCipherOrder on SSLCertificateFile /etc/apache2/ssl/domainname/public.pem SSLCertificateKeyFile /etc/apache2/ssl/domainname/123456789012345.key SSLCertificateChainFile /etc/apache2/ssl/domainname/chain.pem DocumentRoot /www/domainname <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /www/domainname/> Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> </VirtualHost>4、重启apache
service apache2 restart