Configuring HTTPS/SSL for Apache httpd on Mac

Posted by Richaaaard on 2015-12-16



httpd version: httpd-2.4.17

JDK version: jdk1.8.0_65

References:

Installing Apache httpd on Mac

Enabling SSL for Apache on Mac OS X - 再問天

Installation and configuration

First

Following the post below, set up a single httpd instance to serve as the target test environment for HTTPS: "./servers/cluster/httpd/node-a"

Installing Apache httpd on Mac

Configuring the certificate

1. Generate the host key

First create a directory to hold the SSL key and certificate

:cluster Richard$ cd httpd/
:httpd Richard$ ls
httpd-2.4.17    node-a      node-b
:httpd Richard$ mkdir keys
:httpd Richard$ ls
httpd-2.4.17    keys        node-a      node-b
:httpd Richard$ cd keys

In the target directory, run the following. The original post generates a 1024-bit key; 1024-bit RSA is below the current minimum, so use 2048 bits or more for anything other than a throwaway test. sudo is not needed here and only leaves the key file owned by root.

:keys Richard$ sudo openssl genrsa -des3 -out app.key 1024

Output

Generating RSA private key, 1024 bit long modulus
........++++++
................................++++++
e is 65537 (0x10001)
Enter pass phrase for app.key:
Verifying - Enter pass phrase for app.key:  

2. Generate the certificate signing request (CSR)

* Note: when prompted for the server name (Common Name) below, enter the server's FQDN, not an IP address
$ openssl req -new -key app.key -out app.csr

Enter the parameters as prompted (the key passphrase asked for first is the one chosen in step 1):

:keys Richard$ openssl req -new -key app.key -out app.csr
Enter pass phrase for app.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Shanghai
Locality Name (eg, city) []:Shanghai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:hoau.com
Organizational Unit Name (eg, section) []:sso
Common Name (e.g. server FQDN or YOUR name) []:proxy.sso.hoau.com
Email Address []:admin@sso.hoau.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Hoau123
An optional company name []:hoau.com
* Notes on the prompts above
  • First enter the passphrase set on the key in step 1 (the "challenge password" asked for at the end is a separate CSR attribute, not the key passphrase; leave it blank unless your CA requires it):

      Enter pass phrase for app.key:
  • Domain name of the single sign-on server (must match the name you will browse to):

      Common Name (e.g. server FQDN or YOUR name)
          []:proxy.sso.hoau.com
  • Company name:

      Organization Name (eg, company)
          [Internet Widgits Pty Ltd]:hoau.com
  • Name of the SSO service:

      Organizational Unit Name (eg, section)
          []: sso
  • Location and country:

      State or Province Name (full name)
          [Some-State]: Shanghai
      Locality Name (eg, city)
          []: Shanghai
      Country Name (2 letter code)
          [AU]: CN

3. Generate the server's private key (a copy of app.key with the passphrase removed, so httpd can start without prompting; the file is now plaintext, so restrict its permissions to the user httpd runs as)

$ openssl rsa -in app.key -out server.key
    

4. Generate the self-signed certificate for the web server. Note that this command builds a fresh self-signed certificate and prompts for the DN again; it does not consume app.csr, which is only needed if you submit the request to a CA. Enter the same Common Name as in step 2. Because the certificate is self-signed, browsers will warn about an untrusted issuer until you trust server.crt explicitly.

$ sudo openssl req -new -x509 -days 3650 -key server.key -out server.crt

At this point four files have been generated: app.key (passphrase-protected key), app.csr (signing request), server.key (key without passphrase) and server.crt (self-signed certificate).
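The four steps above as one non-interactive script, together with the checks a practitioner runs on the result. This is an added example, not the post's own commands: it uses a 2048-bit key instead of the post's 1024 bits, passes the DN with -subj so nothing prompts, self-signs the CSR from step 2 instead of starting a new request, and adds a subjectAltName, which current browsers require in addition to the CN. The passphrase "changeit", the DN values and the output directory argument are assumptions for the example.

```shell
#!/bin/sh
# Added example, not taken from the original post. Runs the four certificate
# steps unattended and checks the output. "changeit", the DN values and the
# directory argument are assumptions.
set -eu

gen_selfsigned() {
  dir=$1 ; fqdn=$2 ; days=${3:-3650}
  mkdir -p "$dir"
  # 1. passphrase-protected key (2048 bits; 1024 is below current minimums)
  openssl genrsa -aes256 -passout pass:changeit -out "$dir/app.key" 2048 2>/dev/null
  # 2. CSR; the DN is passed with -subj. CN is the server FQDN, never an IP.
  openssl req -new -key "$dir/app.key" -passin pass:changeit \
    -subj "/C=CN/ST=Shanghai/L=Shanghai/O=hoau.com/OU=sso/CN=$fqdn" \
    -out "$dir/app.csr"
  # 3. copy of the key without the passphrase so httpd can start unattended;
  #    it is plaintext now, so lock the permissions down.
  openssl rsa -in "$dir/app.key" -passin pass:changeit -out "$dir/server.key" 2>/dev/null
  chmod 600 "$dir/app.key" "$dir/server.key"
  # 4. self-sign the CSR from step 2 (the post's "req -new -x509" starts a new
  #    request instead) and add the subjectAltName browsers look for.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$fqdn" >"$dir/san.ext"
  openssl x509 -req -days "$days" -in "$dir/app.csr" -signkey "$dir/server.key" \
    -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
}

# Checks to run before pointing SSLCertificateFile/SSLCertificateKeyFile at the files.
cert_matches_key() {   # the certificate's public modulus must equal the key's
  [ "$(openssl x509 -noout -modulus -in "$1/server.crt")" = \
    "$(openssl rsa  -noout -modulus -in "$1/server.key" 2>/dev/null)" ]
}
cert_cn() {            # Common Name, works for both old (/CN=) and new (CN = ) subject formats
  openssl x509 -noout -subject -in "$1/server.crt" | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}
cert_san() {           # the DNS: entry of the subjectAltName extension
  openssl x509 -noout -text -in "$1/server.crt" \
    | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}
cert_valid_now() {     # exit 0 if the certificate has not expired
  openssl x509 -noout -checkend 0 -in "$1/server.crt" >/dev/null
}

# Usage: gen_selfsigned keys proxy.sso.hoau.com && cert_matches_key keys && cert_san keys
```

Once the files are in place, `openssl s_client -connect localhost:441 -servername proxy.sso.hoau.com` against the running server shows which certificate httpd actually serves, which is the quickest way to confirm the paths in httpd-ssl.conf point at these files and not the stock ones.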

Configuring the server

1. httpd.conf configuration

Of the modules below, only mod_socache_shmcb is needed for TLS: it provides the "shmcb" backend that the SSLSessionCache directive in httpd-ssl.conf uses. mod_cache and mod_cache_socache are HTTP content-caching modules and are not required for HTTPS. mod_ssl itself must also be loaded (LoadModule ssl_module) and the Include line for conf/extra/httpd-ssl.conf uncommented, both of which are commented out in the stock httpd.conf.

#### Richard SSL enable cache
LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule cache_socache_module modules/mod_cache_socache.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

2. httpd-ssl.conf configuration

  • Listen port

      Listen 441 https
  • VirtualHost port (must be the same port as Listen above)

      <VirtualHost _default_:441>

      #   General setup for the virtual host
      DocumentRoot "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/htdocs"
      ServerName www.example.com:441
      ServerAdmin you@example.com
      ErrorLog "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/logs/error_log"
      TransferLog "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/logs/access_log"

    ServerName should be set to the Common Name of the certificate (here proxy.sso.hoau.com:441) rather than left at the stock www.example.com; otherwise mod_ssl logs a warning at startup that the certificate does not match the server name.
  • SSLCertificateKeyFile path (the private key without passphrase from step 3)

      SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.key"
      #SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server.key"
      #SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-dsa.key"
      #SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-ecc.key"
  • SSLCertificateFile path (the self-signed certificate from step 4)

      SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.crt"
      #SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server.crt"
      #SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-dsa.crt"
      #SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-ecc.crt"
* Note: if the browser reports ssl_error_rx_record_too_long, the port you are connecting to is answering in plain HTTP rather than TLS; this usually means the Listen port and the VirtualHost port above do not agree, so check both.
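A small lint for the two httpd-ssl.conf mistakes this section runs into: a VirtualHost port with no matching Listen (which is what makes the browser report ssl_error_rx_record_too_long) and the key-file block pasted as a second SSLCertificateFile so that SSLCertificateKeyFile is never set. This is an added example, not code from the original post or the httpd project; the two sample configs it writes are constructed for the demonstration and the paths inside them are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: a lint for the SSL virtual-host
# settings that cause the failures described on this page. write_samples builds
# two constructed configs; every path in them is an assumption.
set -eu

# Count active (non-commented) occurrences of a directive in a config file.
count_directive() {
  grep -c "^[[:space:]]*$2[[:space:]]" "$1" || true
}

# Prints one line per problem on stderr and the number of problems on stdout.
lint_ssl_conf() {
  conf=$1
  errors=0
  # Ports httpd binds: "Listen 441 https" and "Listen 0.0.0.0:441" both yield 441.
  listen_ports=$(sed -n 's/^[[:space:]]*Listen[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$conf" \
                 | sed 's/.*://' | tr '\n' ' ')
  # Ports named in <VirtualHost _default_:PORT> (or *:PORT, address:PORT).
  vhost_ports=$(sed -n 's/^[[:space:]]*<VirtualHost[[:space:]]\{1,\}[^:>]*:\([0-9]\{1,\}\)>.*/\1/p' "$conf")
  for p in $vhost_ports; do
    case " $listen_ports " in
      *" $p "*) ;;
      *) echo "vhost on port $p has no matching 'Listen $p' (browser will see ssl_error_rx_record_too_long)" >&2
         errors=$((errors + 1)) ;;
    esac
  done
  # Exactly one active certificate and one active key directive.
  for d in SSLCertificateFile SSLCertificateKeyFile; do
    n=$(count_directive "$conf" "$d")
    if [ "$n" -ne 1 ]; then
      echo "$d appears $n times (expected exactly 1)" >&2
      errors=$((errors + 1))
    fi
  done
  if ! grep -q '^[[:space:]]*SSLEngine[[:space:]]\{1,\}on' "$conf"; then
    echo "SSLEngine on is missing" >&2
    errors=$((errors + 1))
  fi
  echo "$errors"
}

# Two constructed samples: the page's final settings, and the first draft's mistakes.
write_samples() {
  dir=$1
  mkdir -p "$dir"
  cat >"$dir/good.conf" <<'EOF'
Listen 441 https
<VirtualHost _default_:441>
    ServerName proxy.sso.hoau.com:441
    SSLEngine on
    SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.crt"
    SSLCertificateKeyFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.key"
    #SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/server-ecc.crt"
</VirtualHost>
EOF
  # vhost left on the stock 443 while Listen says 441, and the key-file line
  # pasted as a second SSLCertificateFile, so no key is configured at all.
  cat >"$dir/bad.conf" <<'EOF'
Listen 441 https
<VirtualHost _default_:443>
    ServerName www.example.com:443
    SSLEngine on
    SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.crt"
    SSLCertificateFile "/Users/Richard/Documents/Dev/servers/cluster/httpd/keys/server.crt"
</VirtualHost>
EOF
}

# Usage: lint_ssl_conf node-a/conf/extra/httpd-ssl.conf   (prints 0 when clean)
```

Run lint_ssl_conf against the real node-a/conf/extra/httpd-ssl.conf before starting httpd. `httpd -t` with the same -f flag catches syntax errors, but a port that differs from the one you will browse to is syntactically valid and passes that check.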

Running

Run the following command

httpd Richard$ sudo ./node-a/bin/httpd -f /Users/Richard/Documents/Dev/servers/cluster/httpd/node-a/conf/httpd.conf -k start

If this error is reported

SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).   

then check the cache-related LoadModule lines in httpd.conf: mod_socache_shmcb must be loaded before httpd-ssl.conf's SSLSessionCache "shmcb:..." directive can be used.

Testing

Open https://proxy.sso.hoau.com:441 in a browser. The host name must resolve to the test machine (add an entry to /etc/hosts if it does not), and because the certificate is self-signed the browser will first warn that the issuer is untrusted; accept the exception, or import server.crt into the system keychain, to reach the page.


Done
