dannyliao 2016-9-8 12:06
How to install a Namecheap Comodo PositiveSSL certificate on Apache 2.2
This post documents the purchase and installation process I followed to install Namecheap Comodo PositiveSSL on Apache 2.2.

Terminology:
DV: Domain Validation
OV: Organization Validation
EV: Extended Validation

1. Confirm the domain information

Before buying an SSL certificate, you must already own a verified domain. Use whois to look up the domain's registration data. In the whois output, make sure the "Administrative Contact Email" address is correct, because the SSL validation email is sent to that address.

First, generate two files on CentOS, server.key and server.csr:
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

Country Name (2 letter code) [AU]: TW
State or Province Name (full name) [Some-State]: Taiwan
Locality Name (eg, city) []: Taichung
Organization Name (eg, company) [Internet Widgits Pty Ltd]: NA
Organizational Unit Name (eg, section) []: NA
Common Name (eg, YOUR name) []: <your-domain> (the correct domain must be entered here)
Email Address []: (the email address the domain was registered with)

Please enter the following 'extra' attributes to be sent with your certificate request
A challenge password []: (may be left blank)
An optional company name []: (may be left blank)

2. Apply for Comodo PositiveSSL validation at Namecheap
During the application, Namecheap asks you to provide the CSR (certificate signing request). Paste in the entire contents of the server.csr generated earlier.
Once that is done, Namecheap sends an email containing a validation code to the address listed in whois. Only after validation passes does the SSL change from "Pending Request" to "Certificates".

3. After receiving the certificate files:

You will receive the following certificate files from Comodo:
yourdomain_com.crt
yourdomain_com.ca-bundle

4. Configure SSL in Apache
Example of an SSL configured Virtual Host for Apache

(a) For a first-time installation, remember to open /etc/httpd/conf.d/ssl.conf first and comment out the default VirtualHost block, so that Apache does not pick up the settings there.
[quote]
#<VirtualHost _default_:443>
.
. (comment out all of the options in between)
.
#</VirtualHost>
[/quote]

(b) Include the external file
# vi /etc/httpd/conf/httpd.conf

Add an Include line for ssl.conf:
[quote]
#
# Load config files from the config directory "/etc/httpd/conf.d".
#
Include conf.d/*.conf
Include conf/ssl.conf
[/quote]

(c) Then create a new ssl.conf. From then on, all SSL sites can be kept together in this one file.

# vi /etc/httpd/conf/ssl.conf
[quote]

NameVirtualHost 11.22.33.44:443

#----------------------------------------------------
# adj.com.tw
#----------------------------------------------------
<VirtualHost 11.22.33.44:443>
    ServerName www.adj.com.tw
    DocumentRoot /var/www/html/adj/
    <Directory "/var/www/html/adj/">
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/adj/server.key
    SSLCertificateFile /etc/ssl/adj/adj_com_tw.crt
    SSLCertificateChainFile /etc/ssl/adj/adj_com_tw.ca-bundle
</VirtualHost>
[/quote]

Finally, restart Apache and the site will be served with the validated SSL certificate.
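
A check worth running on the three files named by the SSL* directives above before restarting Apache, shown here as an added example that is not part of the original post. The function names and the throwaway test PKI are assumptions made for illustration; only the `openssl` commands are real.

```shell
#!/bin/sh
# Added example, not from the original post. check_tls_files and
# make_constructed_pki are hypothetical helper names.
#
# Usage with the paths from the VirtualHost above:
#   check_tls_files /etc/ssl/adj/server.key /etc/ssl/adj/adj_com_tw.crt \
#                   /etc/ssl/adj/adj_com_tw.ca-bundle
# Returns 0 = all checks pass, 1 = key does not match certificate,
#         2 = certificate does not chain to the bundle, 3 = key file too open.
check_tls_files() {
    key=$1 crt=$2 bundle=$3

    # SSLCertificateFile must carry the public half of SSLCertificateKeyFile;
    # mod_ssl refuses to start on a mismatch.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || return 1

    # The issued certificate must chain to the CA bundle delivered with it.
    # Assumption: the bundle is used as the trust anchor for this local check.
    openssl verify -CAfile "$bundle" "$crt" 2>/dev/null |
        grep -q ': OK$' || return 2

    # "-nodes" leaves server.key unencrypted, so file permissions are its
    # only protection: no group/other access (chmod 600).
    case $(ls -lL "$key") in
        -???------*) ;;
        *) return 3 ;;
    esac
    return 0
}

# Constructed sample data: a throwaway CA plus a leaf certificate in dir $1.
make_constructed_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/constructed.ca-bundle" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -days 1 -set_serial 1 \
        -CA "$d/constructed.ca-bundle" -CAkey "$d/ca.key" \
        -out "$d/constructed.crt" 2>/dev/null &&
    chmod 600 "$d/server.key" "$d/ca.key"
}
```

A non-zero return identifies which file to fix: 1 usually means the CSR was generated from a different server.key, 2 means the wrong ca-bundle was installed, and 3 means the key needs `chmod 600`.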