本文是在 Windows 環境下操作,以 D:\SSL 目錄示範。
openssl genrsa -out yourname.key 2048
#yourname 為自訂檔名;2048 是 RSA 金鑰長度(位元),亦可使用 4096 位元,依資安需求決定。此檔為私鑰,請妥善保管,勿外流。
openssl req -new -key yourname.key -out your.domain.name.req
# 國碼臺灣是 TW
Country Name (2 letter code) [AU]:TW
# 州或省名,臺灣填 Taiwan
State or Province Name (full name) [Some-State]:Taiwan R.O.C
# 地名
Locality Name (eg, city) []:Taoyuan
# 組織單位名稱(公司名)
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company name
# 部門名稱
Organizational Unit Name (eg, section) []:department name
# 憑證的名稱 (通常為伺服器 FQDN),這裏的 FQDN 前面還有個 `*`,表示申請萬用憑證。
Common Name (eg, YOUR name) []:*.your.domain.name
# 申請人的聯絡信箱
Email Address []:who@your.email.domain
以 your.domain.name.req 申請憑證。
建立存放 CertificateFile、CertificateKeyFile、CertificateChainFile 的目錄,將 CertB64.cer、your.domain.name.key(應為先前以 openssl genrsa 產生的私鑰;前文檔名為 yourname.key,請使用一致的檔名)、eCA_PublicCA.pem 放入:
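# Create the directory that ssl.conf's SSLCertificate* directives point at.
# -p keeps the step safe to repeat if the directory already exists.
mkdir -p /etc/httpd/cert
# Use the same path as mkdir above; the original commands targeted /httpd/cert,
# which is never created, so ownership and mode were never applied to the key.
chown -R root:root /etc/httpd/cert
# Directory gets 700 (the search bit is needed to enter it); files get 600 so
# only root can read the private key. Run again after copying the files in.
chmod 700 /etc/httpd/cert
find /etc/httpd/cert -type f -exec chmod 600 {} +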
ssl.conf
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/httpd/cert/CertB64.cer
#即憑證路徑, 請指向放置憑證檔的路徑
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/httpd/cert/your.domain.name.key
#即私鑰路徑, 請指向放置私鑰檔的路徑
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCertificateChainFile /etc/httpd/cert/eCA_PublicCA.pem
#即憑證串鏈(中繼憑證)路徑;若您申請購買 SSL 伺服器數位憑證,務必設定為該憑證所附的憑證串鏈檔。Apache 2.4.8 起此指令已不建議使用,可改將中繼憑證併入 SSLCertificateFile 所指的檔案。
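# Check the configuration syntax first; the restart only runs if the check
# passes, so a typo in ssl.conf does not take the running site down.
apachectl configtest && systemctl restart httpd.service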