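Note: following my method and steps, you end up with two separate Apache installations, one listening only on port 80 and one listening only on port 443. The advantage is that the Apache serving port 80 and the Apache serving port 443 are kept apart, which makes monitoring and management easier. You can of course install everything under a single directory instead; that is up to the reader.

Install OpenSSL
Code: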
tar xvfz openssl-0.9.8.tar.gz
cd openssl-0.9.8
./config
make
make install

Install Apache 2.0.55 (without SSL)
Code:
tar xvfz httpd-2.0.55.tar.gz
cd httpd-2.0.55
./configure --prefix=/yourdir/httpd --enable-module=vhost_alias --enable-module=so --enable-rule=SHARED_CORE
make
make install

Install Apache 2.0.55 (with SSL)
Code:
tar xvfz httpd-2.0.55.tar.gz
cd httpd-2.0.55
./configure --prefix=/yourdir/httpds --enable-ssl --with-ssl=/usr/local/ssl/ --enable-module=vhost_alias --enable-module=so --enable-rule=SHARED_CORE
make
make install

Generate the key
Code:
mkdir /yourdir/httpds/conf/ssl.crt
openssl genrsa -des3 -passout pass:asecretpassword -out /yourdir/httpds/conf/ssl.crt/server.key.org 1024
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /yourdir/httpds/conf/ssl.crt/server.key.org -out /yourdir/httpds/conf/ssl.crt/server.csr -days 3650
Country Name (2 letter code) [GB]:CH
State or Province Name (full name) [Berkshire]:ZH
Locality Name (eg, city) [Newbury]:hangzhou
Organization Name (eg, company) [My Company Ltd]:zjdx
Organizational Unit Name (eg, section) []:zjdx
Common Name (eg, your name or your server's hostname) []:mail.zjip.com
Email Address []:ymail@zjip.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (leave blank, do not fill in)
An optional company name []: (leave blank, do not fill in)
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /yourdir/httpds/conf/ssl.crt/server.key.org -in /yourdir/httpds/conf/ssl.crt/server.csr -out /yourdir/httpds/conf/ssl.crt/server.crt -days 3650
openssl rsa -passin pass:asecretpassword -in /yourdir/httpds/conf/ssl.crt/server.key.org -out /yourdir/httpds/conf/ssl.crt/server.key
mkdir /yourdir/httpds/conf/ssl.key
mv /yourdir/httpds/conf/ssl.crt/server.key /yourdir/httpds/conf/ssl.key/server.key
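chmod 400 /yourdir/httpds/conf/ssl.key/server.key

Edit the configuration files and confirm that the following lines are present (in the original post the modified parts were shown in blue)
Code: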
vi /yourdir/httpds/conf/ssl.conf
Listen 443
DocumentRoot "/yourdir/umail/web/portal"
ServerName 10.0.0.1:443
SSLCertificateFile /yourdir/httpds/conf/ssl.crt/server.crt
SSLCertificateKeyFile /yourdir/httpds/conf/ssl.key/server.key
vi /yourdir/httpds/conf/httpd.conf
#Listen 80

Note: in the httpd.conf under httpds, Listen 80 must be commented out, so that the httpds Apache listens only on port 443 and not on port 80; the httpd Apache listens only on port 80.

Check the status
Code:
ps -ef | grep httpd
nobody 2414 2878 0 Jul25 ? 00:00:00 /yourdir/httpd/bin/httpd -k start
nobody 2416 2878 0 Jul25 ? 00:00:00 /yourdir/httpd/bin/httpd -k start
nobody 2418 2878 0 Jul25 ? 00:00:00 /yourdir/httpd/bin/httpd -k start
nobody 2423 2878 0 Jul25 ? 00:00:00 /yourdir/httpd/bin/httpd -k start
nobody 2424 2878 0 Jul25 ? 00:00:00 /yourdir/httpd/bin/httpd -k start
nobody 2838 3024 0 Jul25 ? 00:00:00 /yourdir/httpds/bin/httpd -k start -DSSL
nobody 2839 3024 0 Jul25 ? 00:00:00 /yourdir/httpds/bin/httpd -k start -DSSL
nobody 2840 3024 0 Jul25 ? 00:00:00 /yourdir/httpds/bin/httpd -k start -DSSL
nobody 2842 3024 0 Jul25 ? 00:00:00 /yourdir/httpds/bin/httpd -k start -DSSL
nobody 2845 3024 0 Jul25 ? 00:00:00 /yourdir/httpds/bin/httpd -k start -DSSL

Note: all of the Apache processes started with -DSSL are the ones under the httpds directory.
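
As an added example (not part of the original post), the shell function below statically checks the SSL-only instance against the steps above: no active Listen 80 in httpd.conf, an active Listen 443 in ssl.conf, and a key file that exists, is mode 400 and no longer carries a passphrase. The function name check_httpds is hypothetical; the prefix argument is whatever --prefix the httpds build used.

```shell
#!/bin/sh
# Added example: static checks for the SSL-only instance (prefix = --prefix value).
check_httpds() {
    prefix=$1
    problems=0
    conf=$prefix/conf/httpd.conf
    sslconf=$prefix/conf/ssl.conf
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # 1. httpd.conf of the SSL instance must not keep an active "Listen 80".
    if grep -Eq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?80[[:space:]]*$' "$conf"; then
        fail "$conf still has an active Listen 80"
    fi

    # 2. ssl.conf must carry an active "Listen 443".
    grep -Eq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443[[:space:]]*$' "$sslconf" ||
        fail "$sslconf has no active Listen 443"

    # 3. Read the certificate and key paths from ssl.conf (quotes stripped).
    crt=$(awk '$1 == "SSLCertificateFile" { gsub(/"/, "", $2); print $2; exit }' "$sslconf")
    key=$(awk '$1 == "SSLCertificateKeyFile" { gsub(/"/, "", $2); print $2; exit }' "$sslconf")
    if [ -z "$crt" ] || [ ! -f "$crt" ]; then
        fail "certificate file missing: ${crt:-unset}"
    fi

    if [ -z "$key" ] || [ ! -f "$key" ]; then
        fail "private key file missing: ${key:-unset}"
    else
        # 4. The procedure ends with chmod 400 on the key.
        [ -n "$(find "$key" -perm 400)" ] || fail "$key is not mode 400"
        # 5. The passphrase was removed with "openssl rsa"; a key that is
        #    still encrypted makes httpd prompt for it at start-up.
        if grep -q 'ENCRYPTED' "$key"; then
            fail "$key is still passphrase-protected"
        fi
    fi

    [ "$problems" -eq 0 ] && echo "OK: $prefix matches the documented layout"
    return "$problems"
}
# Usage: check_httpds /yourdir/httpds
```
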
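
If you install Apache 1.33, you also need to install the mod_ssl package. Each mod_ssl release is matched to one specific Apache release before 2.0, so install the mod_ssl that corresponds to your Apache version. Here apache_1.3.34 is used as the example, with mod_ssl-2.8.25-1.3.34 and openssl-0.9.7i.
Code: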
tar zxvf openssl-0.9.7i.tar.gz
cd openssl-0.9.7i
./config
make
cd ..
tar zxvf mod_ssl-2.8.25-1.3.34.tar.gz
cd mod_ssl-2.8.25-1.3.34
./configure --with-apache=../apache_1.3.34 --with-ssl=../openssl-0.9.7i --enable-module=so --prefix=/yourdir/httpdssl
cd ../apache_1.3.34
make
make certificate
CH
ZJ
HZ
zjdx
mail
mail.zjip.com
ymail@ziip.com
999
3
y
[] (leave blank, do not fill in)
[] (leave blank, do not fill in)
make install

Apache 1.33 is configured with the same method and approach as 2.0.
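Notes:
i. When installing Apache 2.0, install OpenSSL 0.9.8 or later.
ii. Installing Apache 2.0 does not require installing mod_ssl; only versions before 2.0 need it.
iii. The Country Name and other information entered when generating the certificate can be filled in arbitrarily; it does not affect the configuration.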
[ This post was last edited by 勒色 on 2008-4-19 22:15 ]