openssl

安装

wget https://www.openssl.org/source/openssl-1.0.2n.tar.gz    #下载
ls
tar -zxf openssl-1.0.2n.tar.gz 
cd openssl-1.0.2n/
./config   #编译安装
make
make install

查看openssl 目录文件

[root@s7zbx01 ssl]# ls
bin certs include lib man misc openssl.cnf private

生成秘钥：

openssl genrsa -out server.key 2048

 创建 证书签名申请(CSR:certificate signing request)：

openssl req -new -key server.key -out certreq.csr

验证CRS正确性

openssl req -text -in certreq.csr -noout

自签名证书：

openssl x509 -req -days 365 -in certreq.csr -signkey server.key -out server.crt

添加mod_ssl模块,httpd-ssl.conf配置

vim /usr/local/apache2/conf/httpd.conf

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf       
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

 # 取消掉注释

vim  /usr/local/apache2/conf/extra/httpd-ssl.conf

SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"   #这里使用的是 shmcb，确保该模块
                                                                             在httpd.conf中加载了
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"     #将私钥和证书放到指定位置

重启httpd服务

systemctl restart httpd