阿里云
阿里云多端小程序中小企业获客首选
发表主题 回复主题
  • 2262阅读
  • 4回复

[配置求助]Apache服务器证书如何安装配置?我这样配置对吗?

级别: 新人
发帖
11
云币
36
今天刚申请的证书,想用在己的WordPress,可是尝试了好久,还是没有配置成功,官方的第一第二步容易。如下:
  1. ( 1 ) 在Apache的安装目录下创建cert目录,并且将下载的全部文件拷贝到cert目录中。
  2. ( 2 ) 打开 apache 安装目录下 conf 目录中的 httpd.conf 文件,找到以下内容并去掉“#”:
  3. #LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件)
  4. #Include conf/extra/httpd-ssl.conf
f2gh|p`  
8iD7K@  
就是第三步修改httpd-ssl.conf这点有点懵,我贴出来让大神们看看,哪里不对的,有望指教!!! AaB1H7r-  
(1) lt4IoE`tk?  
  1. # 添加 SSL 协议支持协议,去掉不安全的协议
  2. [color=#ff0000]SSLProtocol TSv1 TSv1.1 TSv1.2[/color]
我改的: XN t` 4$L  
  1. # SSL Protocol Adjustments:
  2. # The safe and default but still SSL/TLS standard compliant shutdown
  3. # approach is that mod_ssl sends the close notify alert but doesn't wait for
  4. # the close notify alert from client. When you need a different shutdown
  5. # approach you can use one of the following variables:
  6. [backcolor=#ffffff][color=#ff0000]SSLProtocol TSv1 TSv1.1 TSv1.2[/color][/backcolor]
(2) 8g{Mv#b%  
  1. # 修改加密套件如下
  2. [color=#ff0000]SSLCipherSuite ECDHE-AES128-SHA256:ECDHE:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4[/color]
我改的: R?lTB3"  
  1. # SSL Cipher Suite:
  2. # List the ciphers that the client is permitted to negotiate.
  3. # See the mod_ssl documentation for a complete list.
  4. [color=#ff0000]SSLCipherSuite ECDHE-AES128-SHA256:ECDHE:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4[/color]
(3) D +0il=5  
  1. # 证书公钥配置
  2. [color=#ff0000]SSLCertificateFile cert/public.pem[/color]
我改的: Z)xcxSo  
  1. # Server Certificate:
  2. # Point SSLCertificateFile at a PEM encoded certificate. If
  3. # the certificate is encrypted, then you will be prompted for a
  4. # pass phrase. Note that a kill -HUP will prompt again. Keep
  5. # in mind that if you have both an RSA and a DSA certificate you
  6. # can configure both in parallel (to also allow the use of DSA
  7. # ciphers, etc.)
  8. # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
  9. # require an ECC certificate which can also be configured in
  10. # parallel.
  11. [color=#ff0000]SSLCertificateFile "/alidata/server/httpd/cert/public.pem"[/color]
  12. #SSLCertificateFile "/alidata/server/httpd/conf/server-dsa.crt"
  13. #SSLCertificateFile "/alidata/server/httpd/conf/server-ecc.crt"
(4) 11QZ- ^  
  1. # 证书私钥配置
  2. [color=#ff0000]SSLCertificateKeyFile cert/2102029910392.key[/color]
我改的:
  1. # If the key is not combined with the certificate, use this
  2. # directive to point at the key file. Keep in mind that if
  3. # you've both a RSA and a DSA private key you can configure
  4. # both in parallel (to also allow the use of DSA ciphers, etc.)
  5. # ECC keys, when in use, can also be configured in parallel
  6. [color=#ff0000]SSLCertificateKeyFile "/alidata/server/httpd/cert/2102029910392.key"[/color]
  7. #SSLCertificateKeyFile "/alidata/server/httpd/conf/server-dsa.key"
  8. #SSLCertificateKeyFile "/alidata/server/httpd/conf/server-ecc.key"
(5) kb~ s, @p  
  1. # 证书链配置,如果该属性开头有 '#'字符,请删除掉
  2. [color=#ff0000]SSLCertificateChainFile cert/chain.pem[/color]
我改的: 4Yok,<  
  1. # Server Certificate Chain:
  2. # Point SSLCertificateChainFile at a file containing the
  3. # concatenation of PEM encoded CA certificates which form the
  4. # certificate chain for the server certificate. Alternatively
  5. # the referenced file can be the same as SSLCertificateFile
  6. # when the CA certificates are directly appended to the server
  7. # certificate for convenience.
  8. [color=#ff0000]SSLCertificateChainFile "/alidata/server/httpd/cert/chain.pem"[/color]
最后保存替换掉,重启Apache,通过 https 方式还是无法访问网站,不知道我哪里出错了,还是一开始就不对了,希望指点指点,谢谢!!!非常感谢!!!
级别: 新人
发帖
11
云币
36
只看该作者 沙发  发表于: 2017-02-17
ReApache服务器证书如何安装配置?我这样配置对吗?
原来发帖的代码不支持颜色 DL '{ rK  
级别: 新人
发帖
11
云币
36
只看该作者 板凳  发表于: 2017-02-17
ReApache服务器证书如何安装配置?我这样配置对吗?
求助!!!!!!!!!! gvoYyO#cm  
eR:C?v  
级别: 论坛版主
发帖
13736
云币
31883

只看该作者 地板  发表于: 2017-02-17
楼主您好, ry0YS\W  
-lm)xpp1  
欢迎来到阿里云论坛。 (h'Bz6K  
5:(/k\9+yv  
能否贴出您的apache日志内容?看有没有相关的重要信息喔。
Debian 是一个自由的操作系统 (OS),提供您安装在计算机上使用。操作系统就是能让您的计算机工作的一系列基本程序和实用工具。
级别: 新人
发帖
11
云币
36
只看该作者 4楼 发表于: 2017-02-17
Re回 3楼dongshan8的帖子
只有error有记录,你看看 -)e(Qt#ewl  
De49!{\a  
发表主题 回复主题
« 返回列表上一主题下一主题

限100 字节
如果您在写长篇帖子又不马上发表,建议存为草稿
 
验证问题: 23 + 14 = ?
上一个 下一个
      ×
      全新阿里云开发者社区, 去探索开发者的新世界吧!
      一站式的体验,更多的精彩!
      通过下面领域大门,一起探索新的技术世界吧~ (点击图标进入)