1. Check the installation OpenSSL
View 1.1 is installed
openssl version
1.2 compile and install:
https://www.cnblogs.com/rxbook/p/9367725.html
1.3 yum install
yum install openssl yum install openssl-devel
1.4 Online Upgrade
yum -y update openssl
2. Configure certificate upload directory
In the Apache new installation directory cert directory, and download the Apache certificate, the certificate chain and the secret key files copied to the file cert directory. If you need to install multiple certificates, required in the Apache cert new directory number corresponding to cert directory for storing different certificates (each corresponding to a domain certificate store folder)
If you chose to manually create a certificate when applying for CSR file, please manually create the secret key generated files are copied to cert directory and name it Domain name.key .
3. Modify httpd.conf configuration file
3.1 the httpd.conf configuration parameters mod_ssl.so
#LoadModule ssl_module modules/mod_ssl.so
Delete the first line of configuration statements Notes symbol "#" load mod_ssl.so module enables SSL service, the Apache default is not to enable the module. If you can not find the configuration, recompile mod_ssl module.
3.2 introduction httpd-ssl.conf
#Include conf / extra / httpd-ssl.conf # delete comment symbol configuration statements beginning of the line "#."
4. Modify httpd-ssl.conf profile
4.1 Open httpd-ssl.conf file comment out the default parameter example
4.2 specific configuration parameters
<VirtualHost *:443> ServerName www.xx.com。 DocumentRoot /data/www/xxx/public SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM SSLHonorCipherOrder on SSLCertificateFile cert/domain name1_public.crt SSLCertificateKeyFile cert/domain name1.key SSLCertificateChainFile cert/domain name1_chain.crt </VirtualHost>
4.3 according to the conditions set more, save httpd-ssl.conf file and exit.
5. Configuration httpd-vhosts.conf sites in
80 and 443 ports exist
<VirtualHost *:443> ServerAdmin webmaster@dummy-host2.example.com DocumentRoot "/home/www/demo/public/" ServerName m.ygang.vip ServerAlias localhost SSLEngine on SSLCertificateFile "/usr/local/apache/cert/3087344_m.ygang.vip_public.crt" SSLCertificateKeyFile "/usr/local/apache/cert/3087344_m.ygang.vip.key" SSLCertificateChainFile "/usr/local/apache/cert/3087344_m.ygang.vip_chain.crt" ErrorLog "/usr/local/apache/logs/error_log" CustomLog "/usr/local/apache/logs/access_log" common </VirtualHost>
6. Set Apache http automatically jump https
In httpd-vhosts.conf file <VirtualHost *: 80> </ VirtualHost> intermediate, add the following redirect code.
RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R]
7. Nginx configuration ssl certificate
{Server the listen 443 ; server_name localhost; # localhost modify the domain name for your certificate binding. ssl on; # Set to enable SSL on. HTML root; index index.html index.htm; ssl_certificate CERT / domain name.pem; # will be replaced with your domain name.pem certificate file name. CERT ssl_certificate_key / domain name.key; # the domain name.key replace key file name of your certificate. 5m ssl_session_timeout; ssl_ciphers ECDHE -RSA-AES128-GCM-SHA256: ECDHE: ECDH: AES: HIGH: NULL: aNULL: MD5: ADH :!!!!! RC4; # use this cipher suite. . ssl_protocols TLSv1 TLSv1 . 1 . TLSv1 2 ; # using the configuration protocol. ON ssl_prefer_server_ciphers; LOCATION/ { Root HTML; # site directory. index.html index.htm index; } }
HTTP request is provided to automatically jump HTTPS port site added at 80
server { listen 80; server_name localhost; rewrite ^(.*)$ https://$host$1 permanent; location / { index index.html index.htm; } }