Enabling HTTPS (secure HTTP) on a CentOS server

1. Install mod_ssl

Install mod_ssl online with yum:
[root@Crayfish home]# yum -y install mod_ssl  ← install mod_ssl online
Loaded plugins: security
base                                                                         | 3.7 kB     00:00
epel                                                                         | 4.4 kB     00:00
extras                                                                       | 3.4 kB     00:00
updates                                                                      | 3.4 kB     00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.2.15-31.el6.centos will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
Package            Arch              Version                           Repository          Size
====================================================================================================
Installing:
mod_ssl            x86_64            1:2.2.15-31.el6.centos            updates             91 k

Transaction Summary
====================================================================================================
Install       1 Package(s)

Total download size: 91 k
Installed size: 183 k
Downloading Packages:
mod_ssl-2.2.15-31.el6.centos.x86_64.rpm                                      |  91 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 1:mod_ssl-2.2.15-31.el6.centos.x86_64                                              1/1
Verifying  : 1:mod_ssl-2.2.15-31.el6.centos.x86_64                                              1/1

Installed:
mod_ssl.x86_64 1:2.2.15-31.el6.centos

Complete!

2. Configure mod_ssl on the HTTP server

[1] Create the server key

[root@Crayfish home]# cd /etc/pki/tls/certs/  ← change to the directory where the certificates are stored
[root@Crayfish certs]# make server.key  ← create the server key
umask 77 ; \
        /usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
………………………………………………………………………………………………………………………………………………………………………………………………………….+++
…………………………………………………………………………+++
e is 65537 (0x10001)
Enter pass phrase:  ← enter a passphrase here
Verifying - Enter pass phrase:  ← enter the passphrase again to confirm
[root@Crayfish certs]# openssl rsa -in server.key -out server.key  ← remove the passphrase from the key (so that it is not requested when the system starts)
Enter pass phrase for server.key:  ← enter the passphrase
writing RSA key

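[2] Create the server's certificate signing request (CSR, which carries the public key)

[root@Crayfish certs]# make server.csr  ← create the certificate signing request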
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN  ← enter the country code
State or Province Name (full name) []:HuNan  ← enter the province name
Locality Name (eg, city) [Default City]:ChangSha  ← enter the city name
Organization Name (eg, company) [Default Company Ltd]:www.example.com  ← enter the organization name (any value)
Organizational Unit Name (eg, section) []:  ← leave empty, just press Enter
Common Name (eg, your name or your server's hostname) []:www.example.com  ← enter the common name (any value)
Email Address []:[email protected]  ← enter an e-mail address

Please enter the following 'extra' attributes
to be sent with your certificate request

A challenge password []:  ← leave empty, just press Enter
An optional company name []:  ← leave empty, just press Enter

[3] Create the server certificate

[root@Crayfish certs]# openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365  ← create the (self-signed) server certificate

Signature ok
subject=/C=CN/ST=HuNan/L=ChangSha/O=www.example.com/CN=www.example.com/[email protected]
Getting Private key
Signature ok

[root@Crayfish certs]# chmod 400 server.*  ← set the permissions to 400

[4] Configure SSL

[root@Crayfish certs]# vi /etc/httpd/conf.d/ssl.conf  ← edit the SSL configuration file
#DocumentRoot "/var/www/html"  ← find this line and remove the leading "#"
DocumentRoot "/var/www/html"  ← so that it looks like this

[5] Restart the HTTP service so that SSL takes effect
[root@Crayfish certs]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for Crayfish
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]
[root@Crayfish conf.d]#
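
Step [4] only uncomments DocumentRoot, so it is worth confirming that the SSLCertificateFile and SSLCertificateKeyFile directives in ssl.conf point at the files created in steps [1] to [3], that the passphrase-less key is closed to group and others, and that certificate and key belong together. The script below is an added example, not part of the original post; the function names and the file name check_tls.sh are made up for illustration.

```bash
#!/bin/bash
# Added example (hypothetical helper names): checks for the files from steps [1]-[4].
# Usage: bash check_tls.sh /etc/httpd/conf.d/ssl.conf \
#            /etc/pki/tls/certs/server.pem /etc/pki/tls/certs/server.key

# Print the path that an active (uncommented) directive in ssl.conf points to.
conf_path() {   # conf_path <directive> <ssl.conf>
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2 }' "$2"
}

# Succeed only if group and others have no permission bits on the key file.
key_is_private() {   # key_is_private <keyfile>
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Succeed only if the certificate's public key is the one derived from the key file.
pair_matches() {   # pair_matches <cert> <key>
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: makes an encrypted key fail instead of prompting.
    k=$(openssl rsa -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run every check, print what failed, and return the number of failures.
check_tls_setup() {   # check_tls_setup <ssl.conf> <cert> <key>
    local conf cert key problems
    conf=$1; cert=$2; key=$3; problems=0
    [ "$(conf_path SSLCertificateFile "$conf")" = "$cert" ] ||
        { echo "ssl.conf does not serve $cert"; problems=$((problems + 1)); }
    [ "$(conf_path SSLCertificateKeyFile "$conf")" = "$key" ] ||
        { echo "ssl.conf does not load $key"; problems=$((problems + 1)); }
    key_is_private "$key" ||
        { echo "$key is accessible to group or others"; problems=$((problems + 1)); }
    pair_matches "$cert" "$key" ||
        { echo "$cert and $key do not belong together"; problems=$((problems + 1)); }
    return "$problems"
}

# When called with arguments, run the checks; with none, only define the functions.
[ "$#" -eq 0 ] || check_tls_setup "$@"
```

The exit status is the number of failed checks, so 0 means all four passed.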
