
Enabling SSL for Apache on Solaris 10


Author: blog.chinaunix.net  Source: blog.chinaunix.net  September 8, 2007

Keywords: SSL Apache Sun Solaris


  1. Log in as root and run the following command, which shows whether SSL is enabled for the service:

  solaris# svcprop -p httpd/ssl svc:network/http:apache2

  If it reports a failure, enable SSL with the following commands:

  solaris# svccfg -s http:apache2 setprop httpd/ssl=true
  solaris# svcadm refresh http:apache2
  solaris# svcprop -p httpd/ssl svc:network/http:apache2

  2. Create the certificate directory and the key directory:

  solaris# mkdir /etc/apache2/ssl.crt
  solaris# mkdir /etc/apache2/ssl.key

  3. Create an RSA key (the 1024-bit size shown reflects the article's 2007 date; current practice is 2048 bits or more):

  solaris# /usr/sfw/bin/openssl genrsa -des3 1024 > /etc/apache2/ssl.key/server.key
  Generating RSA private key, 1024 bit long modulus
  ..........................++++++
  .........++++++
  e is 65537 (0x10001)
  Enter pass phrase: ********
  Verifying - Enter pass phrase: ********

  4. Create a certificate signing request:

  solaris# /usr/sfw/bin/openssl req -new -key /etc/apache2/ssl.key/server.key \
      > /etc/apache2/ssl.crt/server.csr
  Enter pass phrase for /etc/apache2/ssl.key/server.key: ********
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  -----
  Country Name (2 letter code) [US]:US
  State or Province Name (full name) [Some-State]:OR
  Locality Name (eg, city) []:Blodgett
  Organization Name (eg, company) [Unconfigured OpenSSL Installation]:DIS
  Organizational Unit Name (eg, section) []:IT
  Common Name (eg, YOUR name) []:Big Cheese
  Email Address []:test@126.com

  Please enter the following 'extra' attributes
  to be sent with your certificate request
  A challenge password []: ********
  An optional company name []: Live Free or Die

  5. Install a self-signed certificate:

  solaris# /usr/sfw/bin/openssl req -x509 -days 3650 \
      -key /etc/apache2/ssl.key/server.key \
      -in /etc/apache2/ssl.crt/server.csr \
      > /etc/apache2/ssl.crt/server.crt
  Enter pass phrase for /etc/apache2/ssl.key/server.key: ********

  6. Edit ssl.conf to enable the certificate:

  solaris# cd /etc/apache2
  solaris# ls -l
  total 334
  -rw-r--r-- 1 root bin 1987 Jan 6 21:10 highperformancestd.conf
  -rw-r--r-- 1 root bin 1987 Jan 6 21:10 highperformance.conf
  -rw-r--r-- 1 root bin 37519 Jan 6 21:10 httpd-std.conf
  -rw-r--r-- 1 root root 37660 Jan 18 21:49 httpd.conf
  -rw-r--r-- 1 root bin 37661 Jul 20 2005 httpd.conf-example
  -rw-r--r-- 1 root bin 12959 Jan 6 21:10 magic
  -rw-r--r-- 1 root bin 15020 Jan 6 21:10 mime.types
  -rw-r--r-- 1 root bin 10759 Jan 6 21:10 ssl-std.conf
  -rw-r--r-- 1 root bin 10996 Jan 6 21:10 ssl.conf
  drwxr-xr-x 2 root root 512 Jan 19 03:24 ssl.crt
  drwxr-xr-x 2 root root 512 Jan 19 02:52 ssl.key

  Edit the line in ssl.conf that begins with "ServerAdmin" and set it to the server administrator's email address or alias.

  7. Test Apache's SSL support:

  • If the Apache service is enabled, disable it:

  solaris# svcs | grep -i apache2
  online 3:29:01 svc:/network/http:apache2
  solaris# svcadm disable apache2

  • Start Apache with SSL:

  solaris# /usr/apache2/bin/apachectl startssl
  Apache/2.0.52 mod_ssl/2.0.52 (Pass Phrase Dialog)
  Some of your private key files are encrypted for security reasons.
  In order to read them you have to provide us with the pass phrases.
  Server 127.0.0.1:443 (RSA)
  Enter pass phrase: ********
  Ok: Pass Phrase Dialog successful.

  If the test fails with the error 'vhost.c:232 assertion "rv == APR_SUCCESS" failed on startssl', your server cannot resolve host names through DNS. Edit /etc/nsswitch.conf and add dns to the line that begins with hosts, so that it reads hosts: files dns. Then restart the Apache service and continue testing.

  solaris# ps -ef | grep httpd
  root 1392 575 0 03:45:16 ? 0:01 /usr/apache2/bin/httpd -k start -DSSL
  root 1400 1116 0 03:45:51 pts/3 0:00 grep httpd
  webservd 1393 1392 0 03:45:18 ? 0:00 /usr/apache2/bin/httpd -k start -DSSL
  webservd 1397 1392 0 03:45:18 ? 0:00 /usr/apache2/bin/httpd -k start -DSSL
  webservd 1396 1392 0 03:45:18 ? 0:00 /usr/apache2/bin/httpd -k start -DSSL
  webservd 1395 1392 0 03:45:18 ? 0:00 /usr/apache2/bin/httpd -k start -DSSL
  webservd 1394 1392 0 03:45:18 ? 0:00 /usr/apache2/bin/httpd -k start -DSSL

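  8. Make Apache with SSL start automatically as a service. The service cannot answer the pass phrase dialog at startup, so the pass phrase is removed from the key and the unencrypted file is made readable by root only:

  solaris# cd /etc/apache2/ssl.key
  solaris# cp server.key server.key.org
  solaris# /usr/sfw/bin/openssl rsa -in server.key.org -out server.key
  Enter pass phrase for server.key.org: ********
  writing RSA key
  solaris# chmod 400 server.key
  solaris# svcadm enable apache2
  solaris# svcs | grep -i apache2
  online 4:29:01 svc:/network/http:apache2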
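
  A pre-flight check to run before svcadm enable apache2 in step 8, added here as an example and not part of the original article: it confirms that server.key no longer carries a pass phrase, is not accessible to group or other, and is the private key for server.crt. The function names and the OPENSSL variable are assumptions of this example, and it needs a POSIX shell such as ksh or bash.

```shell
#!/bin/sh
# Added example: checks on the key and certificate produced in steps 3-8.
# On the article's host OPENSSL would be /usr/sfw/bin/openssl (assumed default: PATH).
OPENSSL=${OPENSSL:-openssl}

# Exit 0 if the PEM key is pass-phrase protected. `genrsa -des3` writes a
# "Proc-Type: 4,ENCRYPTED" header; PKCS#8 uses "BEGIN ENCRYPTED PRIVATE KEY".
key_is_encrypted() {
    grep '^Proc-Type: 4,ENCRYPTED' "$1" >/dev/null 2>&1 ||
        grep '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" >/dev/null 2>&1
}

# Exit 0 if group and other have no permission bits on the key (e.g. mode 400).
key_is_private() {
    [ "$(ls -Lld "$1" | cut -c5-10)" = "------" ]
}

# Exit 0 if the RSA key and the certificate carry the same modulus.
key_matches_cert() {
    k=$("$OPENSSL" rsa -noout -modulus -passin pass: -in "$1" 2>/dev/null) || return 1
    c=$("$OPENSSL" x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# preflight KEY CERT: print one line per problem, return the problem count.
preflight() {
    problems=0
    if key_is_encrypted "$1"; then
        echo "FAIL: $1 still has a pass phrase; httpd under SMF cannot prompt for it"
        problems=$((problems + 1))
    elif ! key_matches_cert "$1" "$2"; then
        echo "FAIL: $1 is not the private key for $2"
        problems=$((problems + 1))
    fi
    if ! key_is_private "$1"; then
        echo "FAIL: $1 is accessible to group or other; run chmod 400"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh preflight.sh /etc/apache2/ssl.key/server.key /etc/apache2/ssl.crt/server.crt
if [ $# -eq 2 ]; then
    preflight "$1" "$2" && echo "OK: key and certificate are ready for svcadm enable"
fi
```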

  Apache 2 on Solaris 10

  1. Log in as root and create the httpd.conf file:

  solaris# cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf

  2. Edit /etc/apache2/httpd.conf:

  • Set ServerName if necessary (default is 127.0.0.1)
  • Set ServerAdmin to a valid email address

  3. Enable the Apache service:

  solaris# svcadm enable apache2

 
