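1. Install mod_ssl online
yum -y install mod_ssl
Check that openssl is installed
rpm -qa |grep openssl
2. Create the server private key
openssl genrsa -out server.key 1024
(1024-bit RSA is below the 2048-bit minimum in current guidance; use 2048 or more for a new key.)
3. Create the certificate signing request (it carries the server's public key)
openssl req -new -key server.key -out server.csr
4. Create the server certificate (self-signed with server.key)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
5. Edit the SSL configuration file. The configuration below points SSLCertificateFile and SSLCertificateKeyFile at /etc/httpd/conf/server.crt and /etc/httpd/conf/server.key, so the files from steps 2 and 4 must be placed there.
/etc/httpd/conf.d/ssl.conf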
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
JkWorkersFile "conf/workers.properties"
JkLogFile "logs/mod_jk.log"

#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex default

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
#DocumentRoot "/var/www/html"
#ServerName www.example.com:443
jkMount /* tomcat1
ServerName 192.168.1.134:443

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
6. Restart httpd
service httpd restart
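A check to run on the edited ssl.conf, as an added example that is not part of the original post: it reads the active SSLProtocol and SSLCipherSuite lines and reports settings that leave SSLv3 or weak cipher classes negotiable. The helper names directive and audit_ssl_conf are hypothetical, the list of weak classes is an assumption of this example, and the check is a heuristic that does not replace inspecting the expanded list with openssl ciphers.

```sh
#!/bin/sh
# Added example: heuristic audit of the TLS directives in an Apache ssl.conf.
# directive and audit_ssl_conf are hypothetical helper names.

# Print the arguments of the last uncommented occurrence of directive $2 in file $1.
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); v = $0 }
                   END { print v }' "$1"
}

audit_ssl_conf() {
    proto=$(directive "$1" SSLProtocol)
    ciphers=$(directive "$1" SSLCipherSuite)

    # "all" turns on every protocol the build supports, so SSLv3 stays
    # enabled unless the directive also carries -SSLv3.
    case " $proto " in
        *" -SSLv3 "*) ;;
        *" all "*|*" +SSLv3 "*|*" SSLv3 "*) echo "WEAK protocol: SSLv3 allowed ($proto)" ;;
    esac

    # A weak class is reachable when it is never killed with "!" and is either
    # named directly or pulled in by ALL ("+X" only reorders, it adds nothing).
    for class in LOW MEDIUM RC4 EXPORT ADH; do
        echo "$ciphers" | tr ':' '\n' | awk -v c="$class" '
            $0 == ("!" c)            { killed = 1 }
            $0 == "ALL" || $0 == c   { named = 1 }
            index($0, c "+") == 1    { named = 1 }
            END { if (named && !killed) print "WEAK cipher class reachable: " c }'
    done
}

# Constructed sample: the two active directives from the ssl.conf on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
EOF
audit_ssl_conf "$sample"
rm -f "$sample"
```

On the real host, call it as audit_ssl_conf /etc/httpd/conf.d/ssl.conf before restarting httpd; no output means none of the checked conditions matched.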