apache2自签名证书开启ssl

生成私钥文件(需要输入密码)
openssl genrsa -des3 -out apache.key 1024


防止APACHE启动 读取私钥文件也需要输入密码 去除密码输入
openssl rsa -in apache.key -out apache.key




用私钥 生成证书
openssl req -new -key apache.key -out apache.csr




创建根证书
openssl req -new -x509 -keyout ca.key -out ca.crt






使用根证书对生成的证书进行签名
防止报错 先建立一些目录和文件


mkdir -p demoCA/newCerts
touch demoCA/index.txt
echo "01">demoCA/serial


签名
openssl ca -in apache.csr -out apache.crt -cert ca.crt -keyfile ca.key




自此 生成了证书所需的文件
apache.key 私钥文件
apache.crt 证书文件
ca.crt     根证书




在apache2中的虚拟主机进行如下配置(以下搭配了virtualdocumentroot  进行通用证书适配)


<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAlias *.ie
VirtualDocumentRoot "/var/www/html/%1"


ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /data/__APACHE_SSL/apache.crt
SSLCertificateKeyFile /data/__APACHE_SSL/apache.key
SSLCertificateChainFile /data/__APACHE_SSL/ca.crt
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory / >
SSLOptions +StdEnvVars
Options FollowSymLinks IncludesNOEXEC 
DirectoryIndex index.html index.htm default.htm index.php default.php index.cgi default.cgi index.shtml index.aspx default.aspx  
AllowOverride All
Require all granted
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>


apache2开启ssl模块
a2enmod ssl


如果未启用刚才的站点 则使用下命令启用站点
a2ensite 虚拟主机配置文件名




重启
service apache2 reload