本篇將以兩種不同使用模式來說明:
需要的檔案
編輯 /etc/httpd/conf.d/ssl.conf: (以 CentOS 5.x 為例)
LoadModule ssl_module modules/mod_ssl.so Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl ... <VirtualHost _default_:443> ServerName this.is.your.host:443 <=== 這裡 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/mypbxCA/certs/this-is-your-host_SERVER.crt <=== 這裡 SSLCertificateKeyFile /etc/pki/mypbxCA/private/this-is-your-host_SERVER.key <=== 這裡 ... </VirtualHost>
重啟 Apache 服務
需要的檔案
編輯 /etc/httpd/conf.d/ssl.conf: (以 CentOS 5.x 為例)
... <VirtualHost _default_:443> ServerName this.is.your.host:443 <=== 這裡 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/mypbxCA/certs/this-is-your-host_SERVER.crt <=== 這裡 SSLCertificateKeyFile /etc/pki/mypbxCA/private/this-is-your-host_SERVER.key <=== 這裡 SSLVerifyClient require <=== 這裡 SSLVerifyDepth 10 <=== 這裡 ... </VirtualHost>
重啟 Apache 服務