安装Apache2证书
收到证书后,将证书复制到服务器上的安全位置。
接下来, 编辑apache2 ssl配置文件并添加证书详细信息。
在Ubuntu中,运行以下命令以打开默认的SSL文件。
sudo nano /etc/apache2/sites-available/default-ssl.conf
然后参照下面内容进行更改
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/html # Available loglevels: trace8, . , trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/certs/ssl/your_domain_name.crt SSLCertificateKeyFile /etc/certs/ssl/your_private.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. SSLCertificateChainFile /etc/certs/ssl/CAChain.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one </VirtualHost> </IfModule>
调整文件名和路径以匹配证书文件
- sslcertificatefile应该是CA发布证书文件(例如,。your_domain_name.crt)。
- SSLCertificateKeyFile应该是创建CSR时生成的服务器密钥文件。
- sslcertificatechainfile应该是CA发布的中间证书文件(your_ca.crt)
在某些情况下,我们可能不需要添加CA链或者中间证书。
安装证书后,将下面的命令运行来激活 Apache2 SSL VirtualHost。
sudo a2ensite default-ssl.conf
最后,运行以下命令重新启动Apache2
sudo systemctl restart apache2
日期:2020-07-07 20:57:15 来源:oir作者:oir