apache 配置https

<p>1、安装mod_ssl</p> <p>通过yum来在线安装mod_ssl</p> <p>[root@300second ~]# yum -y install mod_ssl ← 在线安装mod_ssl</p> <p>设置SSL</p> <p>[root@300second certs]# vi /etc/httpd/conf.d/ssl.conf　 ← 修改SSL的设置文件</p> <p>''#DocumentRoot &quot;/var/www/html&quot;　 ← 找到这一行，将行首的“#”去掉 　↓ DocumentRoot &quot;/var/www/html&quot;　 ← 变为此状态</p> <p>[5] 重新启动HTTP服务，让SSL生效</p> <h4>HTTPS 虚拟主机多域名指定</h4> <p>修改/etc/httpd/conf.d/ ssl.conf</p> <p>NameVirtualHost 121.41.17.128:443 &lt;VirtualHost 121.41.17.128:443&gt; ServerAdmin webmaster@hoge.com DocumentRoot &quot;/var/www/html/test1&quot; ServerName test1.upyuan.com</p> <pre><code>#SSL Engine Switch: #Enable/Disable SSL for this virtual host. SSLEngine on # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key &amp;lt;Directory &amp;quot;/var/www/html/test1&amp;quot;&amp;gt; Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all &amp;lt;/Directory&amp;gt;</code></pre> <p>&lt;/VirtualHost&gt; </p> <p>&lt;VirtualHost 121.41.17.128:443&gt; ServerAdmin webmaster@hoge.com DocumentRoot &quot;/var/www/html/wx&quot; ServerName wx.upyuan.com</p> <pre><code>#SSL Engine Switch: #Enable/Disable SSL for this virtual host. SSLEngine on # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key &amp;lt;Directory &amp;quot;/var/www/html/wx&amp;quot;&amp;gt; Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all &amp;lt;/Directory&amp;gt;</code></pre> <p>&lt;/VirtualHost&gt; </p> <p>文件说明：</p> <ol> <li>证书文件214094441970598.pem，包含两段内容，请不要删除任何一段内容。</li> <li>如果是证书系统创建的CSR，还包含：证书私钥文件214094441970598.key、证书公钥文件public.pem、证书链文件chain.pem。 ( 1 ) 在Apache的安装目录下创建cert目录，并且将下载的全部文件拷贝到cert目录中。如果申请证书时是自己创建的CSR文件，请将对应的私钥文件放到cert目录下并且命名为214094441970598.key； ( 2 ) 打开 apache 安装目录下 conf 目录中的 httpd.conf 文件，找到以下内容并去掉“#”： <code>#LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件) </code>#Include conf/extra/httpd-ssl.conf ( 3 ) 打开 apache 安装目录下 conf/extra/httpd-ssl.conf 文件 (也可能是conf.d/ssl.conf，与操作系统及安装方式有关)， 在配置文件中查找以下配置语句: <code># 添加 SSL 协议支持协议，去掉不安全的协议 SSLProtocol TLSv1 TLSv1.1 TLSv1.2 </code># 修改加密套件如下 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4 <code># 证书公钥配置 SSLCertificateFile cert/public.pem </code># 证书私钥配置 SSLCertificateKeyFile cert/214094441970598.key ``# 证书链配置，如果该属性开头有 '#'字符，请删除掉 SSLCertificateChainFile cert/chain.pem ( 4 ) 重启 Apache。 ( 5 ) 通过 https 方式访问您的站点,测试站点证书的安装配置，如遇到证书不信任问题，请查看相关文档。</li> </ol> <p>微信支持，且只支持ssl_protocols TLSv1 TLSv1.1 TLSv1.2;所以，你需要把SSL V2，SSL V3这些协议都删掉 加密方式ssl_ciphers AES128+EECDH:AES128+EDH:!aNULL;</p> <p>注意：apache有一个坑</p> <p>要在虚拟目录中把配置重复写一遍；举例； NameVirtualHost 121.41.17.128:443</p> <p>&lt;VirtualHost 121.41.17.128:443&gt; ServerAdmin webmaster@hoge.com DocumentRoot &quot;/var/www/html/eb3.9isoft.com&quot; ServerName eb3.9isoft.com SSLEngine on SSLProtocol TLSv1 TLSv1.1 TLSv1.2 SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4 SSLCertificateFile cert/public.pem SSLCertificateKeyFile cert/214094441970598.key SSLCertificateChainFile cert/chain.pem</p> <p>&lt;/VirtualHost&gt; </p>