Chinaunix

redhat4 apache+ssl configuration walkthrough

Posted 2009-10-29 15:03
Environment: redhat 4 (2.6.9-89)
             openssl-0.9.8b
             ssl.ca-0.1
IP: 172.16.12.87
1. Install openssl
[root@localhost ~]# tar -zxvf openssl-0.9.8b.tar.tar
[root@localhost ~]# cd openssl-0.9.8b
[root@localhost openssl-0.9.8b]# ./config
[root@localhost openssl-0.9.8b]# make
make[2]: Leaving directory `/root/openssl-0.9.8b/test'
make[1]: Leaving directory `/root/openssl-0.9.8b/test'
making all in tools...
make[1]: Entering directory `/root/openssl-0.9.8b/tools'
make[1]: Nothing to be done for `all'.
make[1]: Leaving directory `/root/openssl-0.9.8b/tools'
[root@localhost openssl-0.9.8b]# make install
cp libcrypto.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libcrypto.pc
cp libssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/libssl.pc
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
2. Install and configure apache
[root@localhost ~]# tar -zxvf httpd-2.2.6.tar.gz
[root@localhost ~]# cd httpd-2.2.6
[root@localhost httpd-2.2.9]# ./configure --prefix=/usr/local/apache --enable-so --enable-ssl=static --with-ssl=/usr/local/ssl --enable-mods-shared=all
config.status: creating build/rules.mk
config.status: creating build/pkg/pkginfo
config.status: creating build/config_vars.sh
config.status: creating include/ap_config_auto.h
config.status: executing default commands
[root@localhost httpd-2.2.6]# make
make[4]: Leaving directory `/usr/local/src/httpd-2.2.6/modules/mappers'
make[3]: Leaving directory `/usr/local/src/httpd-2.2.6/modules/mappers'
make[2]: Leaving directory `/usr/local/src/httpd-2.2.6/modules'
make[2]: Entering directory `/usr/local/src/httpd-2.2.6/support'
make[2]: Leaving directory `/usr/local/src/httpd-2.2.6/support'
make[1]: Leaving directory `/usr/local/src/httpd-2.2.6'
[root@localhost httpd-2.2.6]# make install
Installing man pages and online manual
mkdir /usr/local/apache/man
mkdir /usr/local/apache/man/man1
mkdir /usr/local/apache/man/man8
mkdir /usr/local/apache/manual
make[1]: Leaving directory `/usr/local/src/httpd-2.2.6'
[root@oracle bin]# vi /usr/local/apache/conf/httpd.conf
Edit httpd.conf
97%
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf  ---remove the leading #
[root@oracle bin]# ./apachectl start
Syntax error on line 99 of /usr/local/apache/conf/extra/httpd-ssl.conf:
SSLCertificateFile: file '/usr/local/apache/conf/server.crt' does not exist or is empty
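This is because SSL has not been configured yet; the certificate that SSL requires has to be generated.
Previously, when using apache1+mod_ssl, there was a step like this after make.
3. Install ssl.ca and generate the certificates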
[root@localhost ~]# mv ssl.ca-0.1.tar.gz /usr/local/apache/conf/
[root@localhost ~]# tar -zxvf ssl.ca-0.1.tar.gz
ssl.ca-0.1/
ssl.ca-0.1/COPYING
ssl.ca-0.1/README
ssl.ca-0.1/VERSION
ssl.ca-0.1/new-root-ca.sh
ssl.ca-0.1/random-bits
ssl.ca-0.1/new-server-cert.sh
ssl.ca-0.1/sign-user-cert.sh
ssl.ca-0.1/new-user-cert.sh
ssl.ca-0.1/p12.sh
ssl.ca-0.1/sign-server-cert.sh
[root@localhost ~]# cd ssl.ca-0.1
[root@localhost ssl.ca-0.1]# ./new-root-ca.sh
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
.++++++
.........++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:123456
Verifying - Enter pass phrase for ca.key:123456

Self-sign the root CA...
Enter pass phrase for ca.key:123456
Self-sign the root CA...
Enter pass phrase for ca.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:ShangHai
Locality Name (eg, city) [Sitiawan]:ZhaBei
Organization Name (eg, company) [My Directory Sdn Bhd]:TopFound  
Organizational Unit Name (eg, section) [Certification Services Division]:Linux
Common Name (eg, MD Root CA) []:Linux
Email Address []:jiajiaandtianyu@163.com
[root@localhost ssl.ca-0.1]# ls
COPYING  README  VERSION  ca.crt  ca.key  new-root-ca.sh  new-server-cert.sh  new-user-cert.sh  p12.sh  random-bits  sign-server-cert.sh  sign-user-cert.sh
[root@localhost ssl.ca-0.1]# ./new-server-cert.sh server
No server.key round. Generating one
Generating RSA private key, 1024 bit long modulus
..................................++++++
..............................++++++
e is 65537 (0x10001)

Fill in certificate data
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:ShangHai
Locality Name (eg, city) [Sitiawan]:ZhaBei
Organization Name (eg, company) [My Directory Sdn Bhd]:TopFound
Organizational Unit Name (eg, section) [Secure Web Server]:Linux
Common Name (eg, www.domain.com) []:localhost
Email Address []:jiajiaandtianyu@163.com

You may now run ./sign-server-cert.sh to get it signed
[root@localhost ssl.ca-0.1]# ls
COPYING  VERSION  ca.key          new-server-cert.sh  p12.sh       server.csr  sign-server-cert.sh
README   ca.crt   new-root-ca.sh  new-user-cert.sh    random-bits  server.key  sign-user-cert.sh
[root@localhost ssl.ca-0.1]# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:123456
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'ShangHai'
localityName          :PRINTABLE:'ZhaBei'
organizationName      :PRINTABLE:'jesonc'
organizationalUnitName:PRINTABLE:'TopFounder CA'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:'jiajiaandtianyu@163.com'
Certificate is to be certified until Oct 20 16:14:38 2010 GMT (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt  CA cert
server.crt: OK
[root@localhost ssl.ca-0.1]# chmod 400 server.key
[root@localhost ssl.ca-0.1]# cd ..
[root@oracle conf]# mv ssl.ca-0.1/server.key server.key
[root@oracle conf]# mv ssl.ca-0.1/server.crt server.crt
[root@localhost conf]# cd /usr/local/apache/bin/
[root@localhost bin]# ./apachectl
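4. Test
When accessing over https://, the browser shows:
secure connection failed
172.16.12.87 uses an invalid security certificate
The certificate is not trusted because the issuer certificate is unknown.
The certificate is only valid for localhost
The above is most likely because the browser does not trust the certificate.
After switching to another browser, https://172.16.12.87 can be accessed successfully, and the content shown is that of /usr/local/apache/htdocs/index.html.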
[root@oracle bin]# vi /usr/local/apache/conf/extra/httpd-ssl.conf
Edit:
   ---replace this with the real IP address
#   General setup for the virtual host
DocumentRoot "/usr/local/apache/htdocs/jesonc"  ---change the document root here
#ServerName www.example.com:443
#ServerAdmin you@example.com
ErrorLog "/usr/local/apache/logs/error_log"
TransferLog "/usr/local/apache/logs/access_log"
[root@oracle htdocs]# mkdir jesonc/
[root@oracle htdocs]# cd jesonc/   
[root@oracle jesonc]# touch aa bb cc dd
Accessing https://172.16.12.87 succeeds, and the content shown is the files aa, bb, cc and dd in /usr/local/apache/htdocs/jesonc/.
                                         
tomcat
[root@oracle src]# ./jdk-1_5_0_11-linux-i586-rpm.bin
Extracting...
UnZipSFX 5.42 of 14 January 2001, by Info-ZIP (Zip-Bugs@lists.wku.edu).
  inflating: jdk-1_5_0_11-linux-i586.rpm  
Preparing...                ########################################### [100%]
   1:jdk                    ########################################### [100%]

Done.
[root@oracle jdk1.5.0_11]# vi /etc/profile
JAVA_HOME=/usr/java/jdk1.5.0_11
export JAVA_HOME
JRE_HOME=/usr/java/jdk1.5.0_11/jre
export JRE_HOME
CLASSPATH=/usr/java/jdk1.5.0_11/lib
export CLASSPATH
PATH=/usr/java/jdk1.5.0_11/bin:$PATH
[root@oracle bin]# source /etc/profile
[root@oracle jdk1.5.0_11]# java -version
java version "1.5.0_11"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03)
Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode, sharing)
[root@oracle src]# tar -zxvf jakarta-tomcat-5.0.30.tar.gz
jakarta-tomcat-5.0.30/webapps/webdav/WEB-INF/web.xml
jakarta-tomcat-5.0.30/webapps/webdav/index.html
jakarta-tomcat-5.0.30/webapps/webdav/tomcat-power.gif
jakarta-tomcat-5.0.30/webapps/webdav/tomcat.gif
[root@oracle jdk1.5.0_11]# vi /etc/profile
Add:
TOMCAT_HOME=/usr/local/src/jakarta-tomcat-5.0.30/bin
export TOMCAT_HOME
[root@oracle bin]# source /etc/profile
[root@oracle bin]# ./startup.sh
Using CATALINA_BASE:   /usr/local/src/jakarta-tomcat-5.0.30
Using CATALINA_HOME:   /usr/local/src/jakarta-tomcat-5.0.30
Using CATALINA_TMPDIR: /usr/local/src/jakarta-tomcat-5.0.30/temp
The welcome page can be seen at http://172.16.12.87:8080, which means Tomcat is configured successfully.

This article comes from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u3/93765/showart_2082041.html
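
The two browser warnings in section 4 (unknown issuer, certificate only valid for localhost) can be reproduced and checked from the command line. This is an added example, not part of the original post: it builds a throwaway CA and two server certificates with openssl, then runs the chain check and the name check a TLS client performs. The file names, CA subject, 2048-bit key size and scratch directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. File names and the CA subject are
# constructed; CN "localhost" and IP 172.16.12.87 are the values used in the post.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

make_ca() {  # private root CA, the role ca.key/ca.crt play in the post
  openssl req -x509 -config "$WORK/req.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -subj "/CN=Constructed Test CA" -days 30 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

issue() {    # issue NAME CN [SAN]: new key and CSR, signed by the test CA
  printf 'basicConstraints=CA:FALSE\n' > "$WORK/$1.ext"
  if [ -n "${3:-}" ]; then printf 'subjectAltName=%s\n' "$3" >> "$WORK/$1.ext"; fi
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -sha256 -days 30 -extfile "$WORK/$1.ext" \
    -out "$WORK/$1.crt" 2>/dev/null
}

trusted() {  # trusted NAME [CAFILE]: chain check; without CAFILE only the
             # system trust store is consulted, as in a browser lacking the CA
  openssl verify ${2:+-CAfile "$2"} "$WORK/$1.crt" 2>/dev/null | grep -q ': OK$'
}

matches() {  # matches NAME host|ip VALUE: the name check a TLS client performs
  openssl x509 -in "$WORK/$1.crt" -noout "-check$2" "$3" | grep -q 'does match'
}

make_ca
issue cn_only localhost                                   # as issued in the post
issue with_san localhost "IP:172.16.12.87,DNS:localhost"  # also names the IP
for check in "trusted cn_only" "trusted cn_only $WORK/ca.crt" \
    "matches cn_only host localhost" "matches cn_only ip 172.16.12.87" \
    "matches with_san ip 172.16.12.87"; do
  if $check; then echo "pass  $check"; else echo "fail  $check"; fi
done
```

Both warnings are accurate for the certificate generated in section 3. Importing ca.crt into the client's trust store and issuing the server certificate for the name or IP that clients actually connect to resolves them.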