(用空格隔开表示两个都安装)
(若是已经安装了openssl,上述命令会直接更新openssl,更新后版本为:html
(注意: mkdir 与待建立目录名之间只能隔一个空格。)web
Apache/
IIS/
Nginx/
Tomcat/服务器
这三个ssl证书文件分别是:
1_root_bundle.crt
2_www.ydook.com.crt
3_www.ydook.com.keysvg
SSLCertificateFile /etc/pki/tls/certs/localhost.crt 修改成:
SSLCertificateFile /var/www/ssl/2_www.ydook.com.crt网站
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key 修改成:
SSLCertificateKeyFile /var/www/ssl/3_www.ydook.com.key命令行
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt 去掉#号,修改成:
SSLCACertificateFile /var/www/ssl/1_root_bundle.crtrest
修改成:
<VirtualHost *:443>code
#DocumentRoot “/var/www/html” 去掉#号注释,修改成:
DocumentRoot “/var/www/ydook”xml
#ServerName www.example.com:443 去掉#号注释,修改成:
ServerName www.ydook.com:443htm
ErrorLog logs/ssl_error_log 修改成:
ErrorLog /var/www/ydook/logs/error.log
CustomLog logs/ssl_request_log \ 修改成:
CustomLog /var/www/ydook/logs/access.log combined
并将下面一行的:"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b" 注释掉。
CustomLog /var/www/ydook/logs/access.log \ (推荐这种方法,保留通配符)
systemctl restart httpd
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
SSLCACertificateFile /etc/pki/tls/certs/root-certificate.crt # 若是使用自签名的证书或者由 ca-certificates 提供的根证书, 请删除此行代码
<VirtualHost> ServerAdmin info@example.com ServerName www.example.com DocumentRoot /var/www/example.com/public_html/ ErrorLog /var/www/example.com/logs/error.log CustomLog /var/www/example.com/logs/access.log combined </VirtualHost>