#要点
> 必要条件
> 域名绑定、域名解析、推送
> 证书校对正确
> 如果 httpd.conf 里没有 mod_ssl 的 LoadModule 行,说明 ssl 没有安装成功
> 安装 ssl 后,找到 mod_ssl.so 文件,放到 Apache 的 modules 文件夹中,然后重启 Apache
~~~
# Locate an existing mod_ssl.so on the system
find / -name mod_ssl.so
# NOTE(review): the copied module must have been built for the same httpd that runs from /usr/local/apache (httpd refuses to load a module built against an incompatible module API) — confirm, or build it from source with apxs instead
cp /usr/lib64/httpd/modules/mod_ssl.so /usr/local/apache/modules/mod_ssl.so
# httpd.conf:
LoadModule ssl_module modules/mod_ssl.so
# Uncomment this line (remove the leading #) so the module is loaded
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
~~~
# Apache安装openssl扩展
### 定位到源码目录
~~~
cd /usr/local/src/httpd-2.4.35/modules/ssl
# Build mod_ssl with apxs: -c compiles, -i installs the module, -a activates it by adding a LoadModule line to httpd.conf
/usr/local/apache/bin/apxs -a -i -c -L /usr/lib64/openssl/engines/lib -c *.c -lcrypto -lssl -ldl
/usr/local/apache/bin/apachectl restart
vi /etc/httpd/httpd.conf
# Search for mod_ssl.so and remove the leading #
# Check the configuration syntax
/usr/local/apache/bin/apachectl configtest
# If the build fails with: fatal error: mod_md.h: No such file or directory
# NOTE(review): the page gives no fix for this error; presumably the header sits under modules/md in the same source tree and needs an include path — verify
~~~
>如果出现
~~~
httpd-ssl.conf:SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?)."
#则需要打开 mod_socache_shmcb.so 扩展(vi /etc/httpd/httpd.conf)
~~~
# 下面是配置好的文件
> httpd.conf
~~~
# Add index.php to the directory index (it is tried before index.html)
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
~~~
*****
> httpd-ssl文件
~~~
~~~
*****
> httpd-vhost文件
~~~
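# Plain-HTTP listener: its only job is to send every request to the HTTPS site.
<VirtualHost *:80>
RewriteEngine on
# Normally always true on a port-80 vhost; kept so the rule stays safe if copied elsewhere.
RewriteCond %{HTTPS} !=on
# R=301 makes the redirect permanent (a bare R sends a temporary 302).
# NOTE(review): with UseCanonicalName Off (the default), %{SERVER_NAME} is taken from the
# client's Host header; set an explicit ServerName here or hard-code the site's hostname.
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [L,R=301]
</VirtualHost>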
~~~
### 重启 Apache。
## 通过 https 方式访问您的站点,测试站点证书的安装配置,如遇到证书不信任问题,[请查看帮助视频。](https://help.aliyun.com/video_detail/54218.html?spm=5176.2020520163.cas.73.c5592b7amqJQGU)
~~~
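# SSL configuration template (reference only; adjust paths and names to your site)
Listen 443
# Cipher suites: the server's preference order wins over the client's.
SSLHonorCipherOrder on
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
# !3DES added to match the proxy list above (64-bit block cipher, part of HIGH on older OpenSSL).
# The trailing +MEDIUM only reorders ciphers already selected; it does not add any.
SSLCipherSuite HIGH:!RC4:!MD5:!3DES:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
# Protocol versions for outbound (mod_proxy) TLS connections. SSLv3, TLS 1.0 and TLS 1.1
# are deprecated, so they are switched off here (needs an OpenSSL that supports TLS 1.2).
# Protocol versions for inbound connections are set with SSLProtocol in each virtual host.
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
# Prompt for the private-key passphrase on the terminal at startup (only used for encrypted keys).
SSLPassPhraseDialog builtin
SSLStrictSNIVHostCheck off
# Session cache
SSLSessionCache "shmcb:/usr/local/apache/logs/ssl_scache(512000)"
# Session cache timeout, in seconds
SSLSessionCacheTimeout 300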
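# Reference VirtualHost.
# NOTE(review): ServerAlias reads www.yunfeng.com while ServerName is yunfenghy.com; confirm the alias.
<VirtualHost *:443>
DirectoryIndex index.php
DocumentRoot "/data/web/yunfenghy/public"
ServerName yunfenghy.com
ServerAlias www.yunfeng.com
# Without SSLEngine on, this vhost does not speak TLS even though it lists certificates.
SSLEngine on
# TLS 1.2 and newer only: SSLv3, TLS 1.0 and TLS 1.1 are deprecated.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# !3DES excludes the 64-bit block cipher that older OpenSSL still counts as HIGH.
# The trailing +MEDIUM only reorders ciphers already selected; it does not add any.
SSLCipherSuite HIGH:!RC4:!MD5:!3DES:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# Server certificate
SSLCertificateFile "/etc/httpd/cert/yunfenghy.com/public.pem"
# Private key: keep this file readable by root only.
SSLCertificateKeyFile "/etc/httpd/cert/yunfenghy.com/214656961690632.key"
# Intermediate chain. SSLCertificateChainFile is deprecated since httpd 2.4.8;
# the chain can instead be appended to the file given in SSLCertificateFile.
SSLCertificateChainFile "/etc/httpd/cert/yunfenghy.com/chain.pem"
# Export the standard SSL_* environment variables to script handlers.
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
# AllowOverride All lets .htaccess files under this tree override any directive.
<Directory "/data/web/yunfenghy">
AllowOverride All
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>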
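# Virtual host
# NOTE(review): the reference <VirtualHost *:443> earlier in this template uses the same
# ServerName; httpd answers a name from the first matching vhost, so keep only one of the two.
<VirtualHost _default_:443>
DirectoryIndex index.php
# Document root
DocumentRoot "/data/web/yunfenghy/public"
# Host name and port
ServerName yunfenghy.com:443
# Enable the SSL engine
SSLEngine on
# TLS 1.2 and newer only: SSLv3, TLS 1.0 and TLS 1.1 are deprecated.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# Certificate files. Keep the private key readable by root only.
# SSLCertificateChainFile is deprecated since httpd 2.4.8; the chain can instead be
# appended to the file given in SSLCertificateFile.
SSLCertificateFile "/etc/httpd/cert/www.yunfenghy.com/public.pem"
SSLCertificateChainFile "/etc/httpd/cert/www.yunfenghy.com/chain.pem"
SSLCertificateKeyFile "/etc/httpd/cert/www.yunfenghy.com/1526458991922.key"
# Export the standard SSL_* environment variables to script handlers.
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
# Work-arounds for very old Internet Explorer clients (MSIE 2 to 5)
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-request TLS log: time, client host, protocol, cipher, request line, bytes sent
CustomLog "/usr/local/apache/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>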
~~~