仝 tóng

Adding HTTPS to your website: buying RapidSSL and an installation guide

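1. Log in to the server and generate the key (名字, "name", stands for a file name of your choice)

$ cd /etc/pki/tls/private

$ openssl genrsa -des3 -out 名字.key 2048   # you will be asked to set a passphrase at this step

$ openssl req -new -key 名字.key -out 名字.csr   # enter the passphrase from above at this step

Note: once the Email Address []: prompt appears, just press Enter, Enter, Enter and do not fill anything in.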

2. Go to https://www.name.com/ssl and buy the $9.99 RapidSSL certificate

3. Click Add to cart and pay

4. After the payment completes, click "setup products" on the right

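5. This takes you to the SSL setup screen. Enter the domain name; adding www is recommended, so that the bare domain without www can be used as well.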

6. Copy the contents of the "名字.csr" file generated on the server and paste them into the step that follows step 5.

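7. After clicking Next, confirm that you are able to receive the approval e-mail, then go to your mailbox and open it (it contains a URL roughly like this: https://products.geotrust.com/orders/A.do?p=0232jew)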

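8. Go back to name.com and click check validation status; you will then see the Server Certificate, the CA Certificates and the ROOT.

9. Log in to the server, go to /etc/pki/tls/certs and create server.crt, copying the Server Certificate content from above into it. Then create intermediate.crt, copy the CA Certificates and ROOT content into it, and save and exit.

10. vim /etc/httpd/conf/httpd.conf, then add the following at the very bottom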

    <VirtualHost *:80>
        DocumentRoot /var/www/html/example
        ServerName example.net
        ServerAlias www.example.net
        ErrorLog logs/example.net-error_log
        <Directory /var/www/html/example>
            AllowOverride All
        </Directory>
        RewriteEngine On
        # Redirect www.<domain> to the bare domain
        # (^/? drops the leading slash so the target has no "//")
        RewriteCond %{HTTPS} !=on
        RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
        RewriteRule ^/?(.*)$ http://%1/$1 [R=301,L]
        # Redirect everything else on port 80 to HTTPS
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
    </VirtualHost>

    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/example.crt
        SSLCertificateKeyFile /etc/pki/tls/private/example.key
        SSLCACertificateFile /etc/pki/tls/certs/intermediate.crt
        <Directory /var/www/html/example>
            AllowOverride All
        </Directory>
        DocumentRoot /var/www/html/example
        ServerName example.net
        ServerAlias www.example.net
        RewriteEngine On
        # Redirect https://www.<domain> to the bare domain over HTTPS
        RewriteCond %{HTTPS} on
        RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
        RewriteRule ^/?(.*)$ https://%1/$1 [R=301,L]
        ErrorLog logs/icloud.net-error_log
    </VirtualHost>

11. vim /etc/httpd/conf.d/ssl.conf

    <VirtualHost 97.107.138.98:443>
        # HSTS header (needs mod_headers)
        Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
        DocumentRoot "/var/www/html/example"
        ServerName example.com:443
        <Directory /var/www/html/example>
            AllowOverride All
        </Directory>
        ErrorLog logs/ssl_error_log
        TransferLog logs/ssl_access_log
        LogLevel warn
        SSLEngine on
        # Disable SSLv2 and SSLv3; prefer the server's cipher order
        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder On
        SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
        SSLCertificateFile /etc/pki/tls/certs/example.crt
        SSLCertificateKeyFile /etc/pki/tls/private/example.key
        SSLCACertificateFile /etc/pki/tls/certs/intermediate.crt
        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/var/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log \
            "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>

$ service httpd restart

That basically completes the setup.
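Two checks are worth running before the httpd restart: that the key, the CSR and the issued certificate all carry the same public key, and that the certificate verifies against the bundle saved as intermediate.crt. The script below is an added example, not part of the original post; it needs the openssl command, and its function names and the throwaway demo files it generates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_hash() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout) ;;   # prompts if encrypted
        csr) pem=$(openssl req -in "$2" -noout -pubkey) ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)   return 2 ;;
    esac || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if key, CSR and certificate carry the same public key.
files_match() {  # $1 = key, $2 = CSR, $3 = certificate
    k=$(pubkey_hash key "$1") || return 1
    r=$(pubkey_hash csr "$2") || return 1
    c=$(pubkey_hash crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Succeed only if the certificate verifies against the CA bundle
# (the role intermediate.crt plays in this guide).
chain_ok() {  # $1 = CA bundle, $2 = certificate
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Constructed sample data: a throwaway CA plus key, CSR and certificate in $1.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl genrsa -out "$1/site.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/site.key" -subj "/CN=example.net" \
        -out "$1/site.csr" &&
    openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null
}

# Usage: sh check.sh KEY CSR CRT CA_BUNDLE   (no arguments: run on demo files)
demo_dir=
if [ $# -ne 4 ]; then
    demo_dir=$(mktemp -d) && make_demo_files "$demo_dir" &&
        set -- "$demo_dir/site.key" "$demo_dir/site.csr" \
               "$demo_dir/site.crt" "$demo_dir/ca.crt"
fi
files_match "$1" "$2" "$3" && echo "key/CSR/certificate: match"
chain_ok "$4" "$3" && echo "chain: OK"
if [ -n "$demo_dir" ]; then rm -rf "$demo_dir"; fi
```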