

Сообщения в теме: "Настройка apache & ssl..."
20.01.2006 12:51
Admin

Настройка apache & ssl

Меняем кое-что в конфиге openssl для генерации сертификатов:
#/etc/ssl/openssl.cnf
# Fragment of the [ CA_default ] section read by `openssl ca`; only the path
# settings are shown on this page.
# NOTE(review): digest and key size (default_md, default_bits) are set
# elsewhere in openssl.cnf and are not visible here - check them before
# issuing certificates.

[ CA_default ]

# Relative path: every $dir entry below resolves against the directory the
# openssl command is started from (the walkthrough runs it from /etc/apache2/).
dir = . # Where everything is kept
certs = $dir/ssl.crt # Where the issued certs are kept
crl_dir = $dir/ssl.crl # Where the issued crl are kept
# index.txt and serial are created by hand in the CA step of the walkthrough.
database = $dir/index.txt # database index file.
#unique_subject = no # Set to "no" to allow creation of
# several certificates with same subject.
new_certs_dir = $dir/ssl.crt # default place for new certs.

certificate = $dir/ssl.crt/t-cards-ca.crt # The CA certificate
serial = $dir/serial # The current serial number
#crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/ssl.crl/t-cards.pem # The current CRL
# CA signing key. It is kept in the same ssl.key/ directory as the web
# server's own key, so that directory should be readable by root only.
private_key = $dir/ssl.key/t-cards-ca.key # The private key
# NOTE(review): no $dir/private directory is created by the steps on this
# page - confirm the path exists or point RANDFILE somewhere that does.
RANDFILE = $dir/private/.rand # private random number file


--------------------------------------------------------------
Генерим корневой (CA) сертификат:
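# Work inside Apache's config directory. The openssl.cnf fragment uses
# "dir = .", so later `openssl ca` calls must be run from here as well.
cd /etc/apache2/
# ssl.key holds the CA key and the server key: owner-only access.
mkdir -m 700 ssl.key
mkdir ssl.crt
mkdir ssl.crl
mkdir ssl.csr

# Self-signed root (CA) certificate, valid for 3650 days.
openssl req -config /etc/ssl/openssl.cnf -new -x509 -keyout ssl.key/t-cards-ca.key -out t-cards-ca.pem -days 3650 -subj /C=RU/ST=Moscow/L=Moscow/O=www.t-cards.ru/OU=www.t-cards.ru/CN=www.t-cards.ru
# NOTE: this rewrites the CA key without a passphrase. From then on file
# permissions are its only protection, and anyone who can read the file can
# sign certificates under this CA. Leave this step out if typing the
# passphrase at each `openssl ca` run is acceptable.
openssl rsa -in ssl.key/t-cards-ca.key -out ssl.key/t-cards-ca.key
chmod 600 ssl.key/t-cards-ca.key
# Copy the CA certificate to the path openssl.cnf and Apache refer to.
openssl x509 -in t-cards-ca.pem -out ssl.crt/t-cards-ca.crt

# Empty certificate database and starting serial number for `openssl ca`.
touch index.txt
echo "01" > serial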

Генерим сертификат сервера:
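# Server key and certificate signing request.
# -days is not given here: `openssl req` only honours it together with -x509;
# the lifetime of a CA-signed certificate is set at signing time (below).
# NOTE(review): this subject is identical to the one used for the CA
# certificate. The signed certificate then has issuer == subject, which
# verifiers commonly treat as self-signed; give the CA its own distinct
# CN/OU to avoid chain-building surprises.
openssl req -config /etc/ssl/openssl.cnf -new -keyout ssl.key/t-cards.key -out ssl.csr/t-cards.csr -subj /C=RU/ST=Moscow/L=Moscow/O=www.t-cards.ru/OU=www.t-cards.ru/CN=www.t-cards.ru
# Strip the passphrase so Apache can start unattended; after this the file
# mode is the only protection the server key has.
openssl rsa -in ssl.key/t-cards.key -out ssl.key/t-cards.key
chmod 600 ssl.key/t-cards.key
# Sign the request with the CA; -days must come before -infiles, which has to
# be the last option.
openssl ca -config /etc/ssl/openssl.cnf -policy policy_anything -days 365 -out ssl.crt/t-cards.pem -infiles ssl.csr/t-cards.csr

# Keep only the PEM certificate block (drops the text dump `openssl ca` writes).
openssl x509 -in ssl.crt/t-cards.pem -out ssl.crt/t-cards.crt

# Initial CRL, using the same config file as every other step.
openssl ca -gencrl -config /etc/ssl/openssl.cnf -out ssl.crl/t-cards.pem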

---------------------------------------------------------------
Правим конфиг апача:
#/etc/apache2/httpd.conf

# Accept connections on port 443 on every IPv4 address of the host.
Listen 0.0.0.0:443

# mod_ssl provides all SSL* directives used in the virtual host.
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

# Name-based virtual hosting on 443.
# NOTE(review): the certificate is chosen before the Host header is read
# unless both client and server support SNI, so without SNI every name on
# this address is served with the first virtual host's certificate.
NameVirtualHost *:443

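# HTTPS virtual host for www.t-cards.ru using the certificates generated above.
<VirtualHost *:443>
    ServerName www.t-cards.ru
    #ServerAlias *.t-cards.ru
    DocumentRoot "/home/ftp/www/gateway.tpay-msk/html"

    SSLEngine on
    # NOTE(review): no SSLProtocol / SSLCipherSuite is set, so the defaults of
    # the installed mod_ssl/OpenSSL build apply. Set both explicitly so that
    # obsolete protocol versions and weak ciphers are not offered.
    SSLCertificateFile /etc/apache2/ssl.crt/t-cards.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/t-cards.key
    # CA certificate and CRL used when verifying client certificates. No
    # SSLVerifyClient is set in this host, so as shown clients are not asked
    # for a certificate. On Apache 2.4 CRL checking additionally has to be
    # switched on with SSLCARevocationCheck.
    SSLCACertificateFile /etc/apache2/ssl.crt/t-cards-ca.crt
    SSLCARevocationFile /etc/apache2/ssl.crl/t-cards.pem
    # Export the SSL_* variables to CGI/SSI (this line was listed twice).
    SSLOptions +StdEnvVars
    #SetEnvIf User-Agent ".*MSIE.*" # nokeepalive ssl-unclean-shutdown # downgrade-1.0 force-response-1.0

    <Directory "/home/ftp/www/gateway.tpay-msk/html">
        # Absolute option list: Indexes stays off because it is not listed.
        # Mixing a +/- prefixed option with unprefixed ones (the original
        # "-Indexes FollowSymLinks Includes") is not valid syntax and is
        # rejected by Apache 2.4 at startup.
        # NOTE(review): Includes also permits SSI "exec"; IncludesNOEXEC is
        # the narrower choice if exec is not needed.
        Options FollowSymLinks Includes
        # NOTE(review): AllowOverride All lets any .htaccess file under this
        # tree change every overridable setting. The path is under /home/ftp,
        # presumably writable via FTP - confirm, and narrow the override
        # classes if so.
        AllowOverride All
        order allow,deny
        allow from all
    </Directory>
</VirtualHost>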