我跟着本教程为我的 AWS SSL 负载均衡器生成private-key.pem和csr.pem。一切顺利,但现在我需要设置 Apache 并需要 3 个文件。
SSLCertificateFile /etc/pki/tls/certs/public.crt
SSLCertificateKeyFile /etc/pki/tls/certs/private.key
SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt
从我的文件中private-key.pem,,csr.pem以及cert.pem如何ca.pem
生成public.crt, private.key和intermediate.crt?
这是我的.conf参赛作品
<VirtualHost *:80>
DirectoryIndex index.html index.php
ServerName www.mydomain.com
ServerAlias mydomain.com
DocumentRoot /var/www/mydomain.com
ErrorLog /var/log/conf.log
<Directory /var/www/mydomain.com>
AllowOverride All
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
DirectoryIndex index.html index.php
ServerAdmin [email protected]
DocumentRoot /var/www/mydomain.com
ServerName www.mydomain.com
ErrorLog /var/log/conf.log
SSLEngine on
SSLProtocol all
SSLCertificateFile /etc/pki/tls/certs/cert.pem
SSLCertificateKeyFile /etc/pki/tls/certs/private-key.pem
SSLCertificateChainFile /etc/pki/tls/certs/ca.pem
#ServerPath /home
<Directory "/var/www/mydomain.com">
</Directory>
</VirtualHost>
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
Mutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
答案1
不要被文件扩展名所欺骗——它们在 Unix 系统上几乎没有意义。
SSLCertificateKeyFile应该指向 PEM 格式的密钥文件,你的 private-key.pem 应该已经准备好了。所以你可以在 Apache 配置中指向它。
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatekeyfile