安装

wget https://www.openssl.org/source/openssl-1.0.2n.tar.gz    #下载lstar -zxf openssl-1.0.2n.tar.gz cd openssl-1.0.2n/./config   #编译安装makemake install

查看openssl 目录文件

[root@s7zbx01 ssl]# ls

bin certs include lib man misc openssl.cnf private

 

 

生成秘钥：

openssl genrsa -out server.key 2048

 创建 证书签名申请(CSR:certificate signing request)：

openssl req -new -key server.key -out certreq.csr

验证CRS正确性

openssl req -text -in certreq.csr -noout

自签名证书：

openssl x509 -req -days 365 -in certreq.csr -signkey server.key -out server.crt

 

 

 

添加mod_ssl模块,httpd-ssl.conf配置

vim /usr/local/apache2/conf/httpd.conf

LoadModule ssl_module modules/mod_ssl.soInclude conf/extra/httpd-ssl.conf       LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

# 取消掉注释

 

vim  /usr/local/apache2/conf/extra/httpd-ssl.conf

SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"   #这里使用的是 shmcb，确保该模块                                                                              在httpd.conf中加载了 SSLCertificateFile "/usr/local/apache2/conf/server.crt" SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"     #将私钥和证书放到指定位置

 

重启httpd服务

systemctl restart httpd