[Ubuntu Server1204]建立Self-Sign的SSL Cert並用以自身的VPS
如題……今天終於提起心情來搞這個了……(趴)
–
先來一個update list:
sudo apt-get update
如果沒有apache請務必安裝:
sudo apt-get install apache2
啓用ssl mod:
sudo a2enmod ssl
重啓apache:
sudo service apache2 restart
建立儲存SSL Cert的folder:
sudo mkdir /etc/apache2/ssl
建立自簽證書:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
PS:想知道各選項意思請自行查看原文。
Enter之後會要你填入各種資訊:
Country Name (2 letter code) [AU]:HK
State or Province Name (full name) [Some-State]:Hong Kong Locality Name (eg, city) []:Hong Kong Organization Name (eg, company) [Internet Widgits Pty Ltd]:3rd Organ Organizational Unit Name (eg, section) []:Lilith Cert Common Name (e.g. server FQDN or YOUR name) []:blog.lenchan139.org Email Address []:[email protected]
之後修改SSL設定:
sudo nano /etc/apache2/sites-available/default-ssl
把下列的紅字部分自行修改掉:
<IfModule mod_ssl.c>
<VirtualHost _default_:443> ServerAdmin [email protected] ServerName your_domain.com ServerAlias www.your_domain.com DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key <FilesMatch ".(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
啓用新上面的VirtualHost:
sudo a2ensite default-ssl
重啓apache:
sudo service apache2 restart
參考文章:
How To Create a SSL Certificate on Apache for Ubuntu 14.04
[https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04](https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04)