官网下载证书文件然后解压再传送到服务器上
1. 证书文件1536221873187.pem,包含两段内容,请不要删除任何一段内容。
2. 如果是证书系统创建的CSR,还包含:证书私钥文件1536221873187.key、证书公钥文件public.pem、证书链文件chain.pem
[root@gaojingbo Downloads]# unzip 1536221873187.zip
1536221873187.key chain.pem public.pem
1536221873187.pem
[root@gaojingbo Downloads]# scp public.pem 47.106.205.171://root
[root@gaojingbo Downloads]# scp 1536221873187.pem 47.106.205.171://root
[root@gaojingbo Downloads]# scp 1536221873187.key 47.106.205.171://root
[root@gaojingbo Downloads]# scp chain.pem 47.106.205.171://root
切换到服务器下
安装SSL
[root@aliyunserver httpd]# yum -y install mod_ssl
[root@aliyunserver httpd]# cd
[root@aliyunserver ~]# ls
1536221873187.key chain.pem public.pem
1536221873187.pem
创建SSL证书目录存放所有文件
[root@aliyunserver ~]# mkdir /etc/httpd/ssl
将其所有文件全部移到该目录下
[root@aliyunserver ~]# mv 1536221873187.key /etc/httpd/ssl/server.key
[root@aliyunserver ~]# mv 1536221873187.pem /etc/httpd/ssl/server.crt
[root@aliyunserver ~]# mv public.pem /etc/httpd/ssl/
[root@aliyunserver ~]# mv chain.pem /etc/httpd/ssl/
再cd到该目录下查看一下
[root@aliyunserver ssl]# ls
chain.pem public.pem server.crt server.key
.
[root@aliyunserver ~]# ls /etc/httpd/modules/ |grep ssl
mod_ssl.so
[root@aliyunserver ~]# vim /etc/httpd/conf.d/ssl.conf
找到对应的并将其修改
<VirtualHost _default_:443>
DocumentRoot "/webroot/bslznw"
ServerName www.bslznw.work:443
# 添加 SSL 协议支持协议,去掉不安全的协议
SSLProtocol all -SSLv2 -SSLv3
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 证书公钥配置
SSLCertificateFile /etc/httpd/ssl/blic.pem
# 证书私钥配置
SSLCertificateKeyFile /etc/httpd/ssl/server.key
# 证书链配置,如果该属性开头有 '#'字符,请删除掉
SSLCertificateChainFile /etc/httpd/ssl/chain.pem
[root@aliyunserver ~]# httpd -t
Syntax OK
[root@aliyunserver ~]# vim /etc/httpd/conf.d/bslznw.work.conf
<VirtualHost *:8080>
ServerName www.bslznw.work
ServerAlias bslznw.work
DocumentRoot /webroot/bslznw
RewriteEngine On
RewriteRule ^/(.*) https://www.bslznw.work [L]
</VirtualHost>
<Directory "/webroot/bslznw">
Require all granted
</Directory>
[root@aliyunserver ssl]# ss -antp |grep http
LISTEN 0 128 *:8080 *:* users:(("httpd",pid=6838,fd=5),("httpd",pid=6833,fd=5),("httpd",pid=6832,fd=5),("httpd",pid=6831,fd=5),("httpd",pid=6830,fd=5),("httpd",pid=6829,fd=5),("httpd",pid=6827,fd=5))
LISTEN 0 128 *:80 *:* users:(("httpd",pid=6838,fd=3),("httpd",pid=6833,fd=3),("httpd",pid=6832,fd=3),("httpd",pid=6831,fd=3),("httpd",pid=6830,fd=3),("httpd",pid=6829,fd=3),("httpd",pid=6827,fd=3))
LISTEN 0 128 *:433 *:* users:(("httpd",pid=6838,fd=4),("httpd",pid=6833,fd=4),("httpd",pid=6832,fd=4),("httpd",pid=6831,fd=4),("httpd",pid=6830,fd=4),("httpd",pid=6829,fd=4),("httpd",pid=6827,fd=4))
LISTEN 0 128 *:443 *:* users:(("httpd",pid=6838,fd=6),("httpd",pid=6833,fd=6),("httpd",pid=6832,fd=6),("httpd",pid=6831,fd=6),("httpd",pid=6830,fd=6),("httpd",pid=6829,fd=6),("httpd",pid=6827,fd=6))
[root@aliyunserver ~]# systemctl restart httpd
配置完成后 在浏览器输入https://www.bslznw.work 进行测试
如果下载的证书文件解压后只有 1536221873187.pem,1536221873187.key
按照上面步骤将其改名并发送到服务器上存放到/etc/httpd/ssl目录下 同以上步骤
[root@aliyunserver ssl]# ls
server.key server.crt
[root@aliyunserver ~]# vim /etc/httpd/conf.d/ssl.conf
找到并修改
<VirtualHost _default_:443>
DocumentRoot "/webroot/bslznw"
ServerName www.bslznw.work:443:8080
SSLProtocol all -SSLv2 -SSLv3
# 证书公钥配置
SSLCertificateFile /etc/httpd/ssl/server.crt
# 证书私钥配置
SSLCertificateKeyFile /etc/httpd/ssl/server.key
[root@aliyunserver ~]# vim /etc/httpd/conf.d/bslznw.work.conf
<VirtualHost *:8080>
ServerName www.bslznw.work
ServerAlias bslznw.work
DocumentRoot /webroot/bslznw
RewriteEngine On
RewriteRule ^/(.*) https://www.bslznw.work [L]
</VirtualHost>
<Directory "/webroot/bslznw">
Require all granted
</Directory>
[root@aliyunserver ~]# systemctl restart httpd
配置完成后 在浏览器输入https://www.bslznw.work 进行测试
“`