首先

作为投稿的练习，我创建了这个备忘录来记录我在Apache上使用SSL的经历。

前提 tí)

CentOS 6.9 是一种操作系统，并搭载了 Apache 2.2 作为其默认的网络服务器软件。

安装openssl

# yum install openssl

安装mod_ssl

请使用以下命令确认模块是否已安装。

# httpd -M | grep ssl

# yum install mod_ssl

生成私钥和证书

# cd /etc/httpd/conf

通过下面的命令生成私钥。

# openssl genrsa -aes128 1024 > server.key

# openssl req -new -key server.key > server.csr
パスフレーズを入力
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,

If you enter '.', the field will be left blank.

国コード
Country Name (2 letter code) [XX]:JP
都道府県
State or Province Name (full name) []:Tokyo
市町村
Locality Name (eg, city) [Default City]:
組織名（空白）
Organization Name (eg, company) [Default Company Ltd]:
部門名（空白）
Organizational Unit Name (eg, section) []:
サーバ名、IPアドレスを入力
Common Name (eg, your name or your server's hostname) []:192.168.56.254
メールアドレス（空白）
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
別のパスワード？（空白）
A challenge password []:
別の組織名（空白）
An optional company name []:

# openssl x509 -in server.csr -days 36500 -req -signkey server.key > server.crt

在启动时省略输入密码

# mv server.key server.key.bak

用以下的命令来删除密码短语。

# openssl rsa -in server.key.bak > server.key

SSL配置文件的编辑

vi /etc/httpd/conf.d/ssl.conf

元ある記述をコメントアウトし、下記を追加
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key

请重新启动 Apache 并完成。
以上。