Apache1.3.27+mod_ssl+Custom SSL Certificate (Part 2)


..
...........................................................................
e is 65537 (0x10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ".", the field will be left blank.
-----
1. Country Name (2 letter code) [XY]: CN
2. State or Province Name (full name) [Snake Desert]: Guang Dong
3. Locality Name (eg, city) [Snake Town]: Guang Zhou
4. Organization Name (eg, company) [Snake Oil, Ltd]: Kingisme.com xBSD Studio
5. Organizational Unit Name (eg, section) [Webserver Team]: cnfug.org
6. Common Name (eg, FQDN) [www.snakeoil.dom]: www.cnfug.org
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]: ihweb@cnfug.org
8. Certificate Validity (days) [365]: 365
______________________________________________________________________

STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]: 3
Signature ok
subject=/C=CN/ST=Guang Dong/L=Guang Zhou/O=Kingisme.com xBSD Studio/OU=cnfug.org/CN=www.cnfug.org/emailAddress=ihweb@cnfug.org
Getting CA Private Key
Verify: matching certificate & key modulus
Verify: matching certificate signature
../conf/ssl.crt/server.crt: /C=XY/ST=Snake Desert/L=Snake Town/O=Snake Oil, Ltd/OU=Certificate Authority/CN=Snake Oil CA/emailAddress=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired
OK
______________________________________________________________________

STEP 4: Enrypting RSA private key with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]: n
Warning, you're using an unencrypted RSA private key.
Please notice this fact and do this on your own risk.
______________________________________________________________________

RESULT: Server Certification Files

o conf/ssl.key/server.key
The PEM-encoded RSA private key file which you configure
with the "SSLCertificateKeyFile" directive (automatically done
when you install via APACI). KEEP THIS FILE PRIVATE!

o conf/ssl.crt/server.crt

The PEM-encoded X.509 certificate file which you configure
with the "SSLCertificateFile" directive (automatically done
when you install via APACI).

o conf/ssl.csr/server.csr

The PEM-encoded X.509 certificate signing request file which
you can send to an official Certificate Authority (CA) in order
to request a real server certificate (signed by this CA instead
of our demonstration-only Snake Oil CA) which later can replace
the conf/ssl.crt/server.crt file.

WARNING: Do not use this for real-life/production systems

FBSD#
At this point the CA certificate has been generated.
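The following check is an added example, not part of mod_ssl or of the original article. It inspects a server.key like the one left unencrypted in STEP 4 above and reports whether the PEM key is pass-phrase protected and whether group or other users can access the file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PEM private key such as conf/ssl.key/server.key.
# Function names are hypothetical; this is not code from mod_ssl's mkcert.sh.

# Print "encrypted" or "plaintext", judged by the PEM headers:
#  - traditional OpenSSL format marks encryption with "Proc-Type: 4,ENCRYPTED"
#  - PKCS#8 uses the "BEGIN ENCRYPTED PRIVATE KEY" label
key_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    else
        echo plaintext
    fi
}

# Succeed only if group and other have no permission bits on the file.
# Columns 5-10 of "ls -l" are the group and other rwx triplets.
mode_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print "ok", or a comma-separated list of findings.
audit_key() {
    result=""
    if [ "$(key_state "$1")" = "plaintext" ]; then
        # With no pass phrase, file permissions are the only protection.
        result="plaintext-key"
    fi
    if ! mode_is_private "$1"; then
        result="${result:+$result,}loose-permissions"
    fi
    echo "${result:-ok}"
}

# Constructed sample: only the header lines matter, the body is a dummy
# string and not a real key.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
              'Q09OU1RSVUNURUQ=' \
              '-----END RSA PRIVATE KEY-----' > "$demo_dir/server.key"
chmod 644 "$demo_dir/server.key"
echo "server.key: $(audit_key "$demo_dir/server.key")"
rm -rf "$demo_dir"
```
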
Next, install Apache 1.3.27:
FBSD# make install
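…

5. Start and test

FBSD# /usr/local/apache/bin/apachectl startssl

Enter the address https://192.168.168.168/ in IE (replace it with the IP of your Apache server). You will see:
1) A prompt asking whether to view the page over a secure connection

2) The certificate being received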


6. About custom SSL certificates

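You can follow the method described in my article "Apache1.3.27 mod_ssl SSL". The only difference is that sign.sh is now located at
/tmp/install/mod_ssl-2.8.14-1.3.27/pkg.contrib/sign.sh; it is needed to sign the certificate and generate server.crt.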

7. Summary

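Although this article was carried out on FreeBSD 4.8 stable, the platform is Unix-like, so the procedure basically applies to Linux, Solaris, AIX, HP-UX and so on. The installation itself is not difficult: read the documentation, especially the documentation that ships with mod_ssl. Because mod_ssl-2.8.14-1.3.27 is built specifically for Apache 1.3.27, the mod_ssl.org code team has certainly tested it, so during installation you only need to read the prompts carefully!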
