Linux下使用Openssl颁发Apache证书

1安装openssl

#yum install -y openssl

2进入目录/etc/pki/tls/certs

#cd /etc/pki/tls/certs

3.生成私钥文件(key)

#openssl genrsa -des3 -out server.key 1024

4.为了避免每次服务启动都需要输入证书密码，删除证书密码

#openssl rsa -in server.key -out server.key

5.用server.key生成证书

#openssl req -new -key server.key -out server.csr
#这时候会提示以下信息：
Country Name (2 letter code) [XX]:CN  
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:No
Organizational Unit Name (eg, section) []:New
Common Name (eg, your name or your server's hostname) []:No
Email Address []:test@test.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:#如果直接回车
An optional company name []:#这里直接回车

6.生成CA的key文件ca.key和根证书ca.crt

openssl req -new -x509 -keyout ca.key -out ca.crt
#提示信息和第5步骤类似。

7.用CA证书为server.csr证书签名

#为了防止报错，需要提前做一些准备工作
#touch /etc/pki/CA/index.txt
#echo 01 > /etc/pki/CA/serial
#openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key -config ../openssl.cnf
#这是会提示以下信息
Sign the certificate? [y/n]:y#选择y
1 out of 1 certificate requests certified, commit? [y/n]y#选择y

8.这时候会得到ca.crt，ca.key，server.crt，server.csr，server.key。
9.将ca.crt，server.crt，server.key发送到apache配置目录。我的是/usr/local/apache/conf/ssl/
10.哎apache的vhost目录里使用

#进入配置目录，
#cd /usr/local/apache/conf
#vi httpd.conf
IncludeOptional conf/vhost/*.conf #去掉注释，如果没有则新增

#进入vhost目录
#cd /usr/local/apache/conf/vhost
#创建一个新的配置文件，名称自己定义，以.conf为后缀
#vi httpd-vhost-ssl.conf
<VirtualHost *:443>
ServerAdmin 随便输入的邮箱地址
php_admin_value open_basedir "/home/www/:/tmp/:/var/tmp/:/proc/"
DocumentRoot /home/www
ServerName 域名:443
ErrorLog "/home/wwwlogs/error_log"
CustomLog "/home/wwwlogs/access_log" combined
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl/server.crt#证书的路径
SSLCertificateKeyFile /usr/local/apache/conf/ssl/server.key#证书的路径
#SSLCertificateChainFile /usr/local/apache/conf/ssl/ca.crt#证书的路径
Protocols h3 h3c http/1.1
<Directory "/home/www/">
    SetOutputFilter DEFLATE
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    DirectoryIndex index.php index.html
</Directory>
</VirtualHost>