{"id":479,"date":"2018-02-13T14:35:10","date_gmt":"2018-02-13T14:35:10","guid":{"rendered":"http:\/\/www.liutianfeng.com\/?p=479"},"modified":"2021-09-22T14:02:02","modified_gmt":"2021-09-22T14:02:02","slug":"https%e5%8a%9f%e8%83%bd%e5%ae%9e%e7%8e%b0-%e8%87%aa%e7%ad%be%e8%af%81%e4%b9%a6%e6%b5%8b%e8%af%95","status":"publish","type":"post","link":"https:\/\/www.liutianfeng.com\/?p=479","title":{"rendered":"https\u529f\u80fd\u5b9e\u73b0-\u81ea\u7b7e\u8bc1\u4e66\u6d4b\u8bd5"},"content":{"rendered":"<p>\u8bc1\u4e66\u67e5\u770b\u65e5\u671f\uff1a<\/p>\n<pre class=\"pure-highlightjs\">#<code class=\"\">openssl x509 -in ufk.yonyouup.com.crt  -noout -dates\r\nnotBefore=Apr 26 02:51:07 2016 GMT\r\nnotAfter=Apr 26 02:51:07 2018 GMT\r\n# curl --insecure -v -s -o \/dev\/null  https:\/\/www.baidu.com 2&gt;&amp;1   | grep \"expire date\"\r\n* \texpire date: Oct 09 06:31:51 2021 GMT<\/code><\/pre>\n<p>\u67e5\u770b\u8be6\u60c5\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\"># openssl x509 -in ufk.yonyouup.com.crt -noout -text\r\nCertificate:\r\n    Data:\r\n        Version: 3 (0x2)\r\n        Serial Number:\r\n            54:2a:bc:48:f6:d5:6f:58:e5:3b:09:d8:b8:ce:41:a2\r\n    Signature Algorithm: sha256WithRSAEncryption\r\n        Issuer: C=CN, O=WoSign CA Limited, CN=CA \\xE6\\xB2\\x83\\xE9\\x80\\x9A\\xE5\\x85\\x8D\\xE8\\xB4\\xB9SSL\\xE8\\xAF\\x81\\xE4\\xB9\\xA6 G2\r\n        Validity\r\n            Not Before: Apr 26 02:51:07 2016 GMT\r\n            Not After : Apr 26 02:51:07 2018 GMT\r\n        Subject: CN=www.liutianfeng.com\r\n        Subject Public Key Info:\r\n            Public Key Algorithm: rsaEncryption\r\n                Public-Key: (2048 bit)\r\n                Modulus:\r\n                    00:e0:f3:99:b2:83:e4:9d:c4:16:ab:e5:68:07:c5:\r\n                    0e:1d:b2:bc:78:be:71:a0:e2:91:33:e9:8c:be:a4:\r\n                    10:91:14:e3:ff:58:2e:db:ac:1a:24:3e:9a:c5:2c:\r\n                    f5:e3:97:1a:36:02:84:a2:97:0f:72:01:5a:43:55:\r\n             
       6f:8a:53:a9:f0:08:22:af:8f:da:44:bd:79:2f:62:\r\n                    49:14:22:aa:d1:8c:fc:c3:7f:96:3e:6a:a6:f1:3a:\r\n                    b9:51:c6:0e:5d:e0:aa:3c:8e:90:b6:e3:c5:75:74:\r\n                    46:94:90:e7:b1:3e:fe:9f:09:20:56:db:c9:cb:7c:\r\n                    99:7c:57:43:f3:e7:9d:f4:9a:c0:d8:b7:f8:ce:c2:\r\n                    34:b2:18:a2:2c:da:9d:5d:c1:09:01:2d:06:12:a9:\r\n                    6e:91:7e:86:07:e3:23:0d:7d:a4:eb:aa:ab:13:ac:\r\n                    94:0d:5e:79:88:e7:45:36:b6:3d:fe:95:1e:53:65:\r\n                    94:d0:7f:06:f0:0d:00:03:c7:b8:3f:9d:d9:81:97:\r\n                    9f:ec:cf:8b:7d:de:cf:fd:76:9c:8c:85:95:34:14:\r\n                    66:54:4c:41:79:bb:6c:c3:8b:ec:de:3a:3a:ed:2d:\r\n                    ee:e6:f1:61:0d:26:be:e9:eb:10:c3:4d:2a:c1:f3:\r\n                    30:aa:ae:88:c7:8a:95:58:eb:46:d3:16:58:c5:f1:\r\n                    1a:9b\r\n                Exponent: 65537 (0x10001)\r\n        X509v3 extensions:\r\n            X509v3 Key Usage: critical\r\n                Digital Signature, Key Encipherment\r\n            X509v3 Extended Key Usage: \r\n                TLS Web Client Authentication, TLS Web Server Authentication\r\n            X509v3 Basic Constraints: \r\n                CA:FALSE\r\n            X509v3 Subject Key Identifier: \r\n                2E:4B:70:C3:10:BC:47:EA:9F:28:B6:95:19:00:B4:A8:65:67:A3:2D\r\n            X509v3 Authority Key Identifier: \r\n                keyid:30:DA:74:86:F3:28:90:56:9E:D7:31:31:C2:BD:59:CD:93:12:39:1D\r\n\r\n            Authority Information Access: \r\n                OCSP - URI:http:\/\/ocsp2.wosign.cn\/ca2g2\/server1\/free\r\n                CA Issuers - URI:http:\/\/aia2.wosign.cn\/ca2g2.server1.free.cer\r\n\r\n            X509v3 CRL Distribution Points: \r\n\r\n                Full Name:\r\n                  URI:http:\/\/crls2.wosign.cn\/ca2g2-server1-free.crl\r\n\r\n            X509v3 Subject Alternative Name: \r\n                
DNS:www.liutianfeng.com\r\n            X509v3 Certificate Policies: \r\n                Policy: 2.23.140.1.2.1\r\n                Policy: 1.3.6.1.4.1.36305.1.1.2\r\n                  CPS: http:\/\/www.wosign.com\/policy\/\r\n\r\n    Signature Algorithm: sha256WithRSAEncryption\r\n         3f:a7:07:39:28:75:d2:fe:f6:92:b9:d8:ad:4e:91:40:28:1e:\r\n         45:3d:2a:09:96:b8:6a:73:5b:df:f1:c8:42:a6:1b:30:e2:1d:\r\n         90:b8:ab:e7:d9:e7:3f:3f:f6:53:68:c1:14:9f:9b:44:c3:c6:\r\n         1a:77:75:43:8a:b4:b7:0d:08:e0:00:90:be:a3:31:52:52:66:\r\n         93:98:bb:db:65:70:22:48:00:dd:3d:7c:7b:e4:a0:0e:cd:09:\r\n         44:e5:fb:d8:b0:50:49:fe:d2:05:0f:02:ed:68:73:e9:61:ba:\r\n         cb:d7:90:77:31:32:e1:29:6f:c2:af:b8:d6:dd:01:e7:d7:73:\r\n         d8:f7:93:59:8e:0c:30:d8:9f:3e:e1:28:0f:46:43:eb:ab:df:\r\n         1a:60:26:8e:97:2d:23:e5:4c:44:02:d8:4a:0d:b6:df:ec:9c:\r\n         9e:14:2d:ee:e3:7b:bc:d0:59:5b:57:30:8b:a9:99:d0:85:d4:\r\n         58:70:a1:69:9b:1a:c2:cf:f7:a4:31:37:85:d4:7f:45:04:ec:\r\n         f5:c5:3a:d8:f2:d4:7f:9c:c9:87:a7:54:ee:66:8e:be:38:16:\r\n         f7:b4:0c:c7:d8:8c:d9:81:76:db:15:06:ab:c4:92:d9:10:1f:\r\n         f5:d5:f6:54:3a:11:09:f5:44:86:f8:78:54:aa:48:fa:de:c8:\r\n         12:85:8a:ae<\/code><\/pre>\n<p>\u6d4b\u8bd5\u73af\u5883\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\">httpd\u4e3b\u673a\uff1a192.168.75.55\r\nCA\u4e3b\u673a\uff1a192.168.75.88\r\nCentOS 6.6\r\nApache 2.2\r\nApache:\u00a0\u865a\u62df\u4e3b\u673a\u65b9\u6848\uff0chello.skelchina.com\u662fssl\u8981\u914d\u7f6e\u7684\u4f60\u4e3b\u673a<\/code><\/pre>\n<p>\u6d4b\u8bd5\u65b9\u6848\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code 
class=\"\">\u4e00\u3001CA\u4e3b\u673a\u81ea\u7b7e\u8bc1\u4e66\r\n\u4e8c\u3001httpd\u4e3b\u673a\u751f\u6210csr\u6587\u4ef6\uff0c\u53d1\u9001\u7ed9CA\u4e3b\u673a\u7b7e\u7f72\r\n\u4e09\u3001httpd\u4e3b\u673a\u590d\u5236\u7b7e\u7f72\u540e\u7684\u8bc1\u4e66\uff0c\u914d\u7f6ehttps\u670d\u52a1\r\n\u56db\u3001windows\u7aef\u5b89\u88c5CA\u7684\u8bc1\u4e66\uff0c\u4fe1\u4efb\u540e\u6d4b\u8bd5\u8bbf\u95ee\u7ed3\u679c<\/code><\/pre>\n<h3>\u4e00\u3001CA\u4e3b\u673a\uff08192.168.75.88\uff09\u81ea\u7b7e\u8bc1\u4e66<\/h3>\n<p>\u9996\u5148\uff0c\u9700\u8981mod_ssl\u6a21\u5757\u7684\u652f\u6301\uff0chttpd -M\u67e5\u770b\u6709\u6ca1\u6709\u8fd9\u4e2a\u6a21\u5757\uff0c\u6ca1\u6709\u7684\u8bdd\u5b89\u88c5\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\">http\u7684\u6a21\u5757\u4e2d\u8981\u6709\u652f\u6301ssl\u7684\uff0c\u5426\u5219\u65e0\u6cd5\u5b9e\u73b0ssl\u914d\u7f6e\u3002\r\n\u9ed8\u8ba4\u7684httpd\u7a0b\u5e8f\u6ca1\u6709ssl\u6a21\u5757\uff0cyum\u5b89\u88c5\u4e00\u4e0b\uff1a\r\n# yum install -y mod_ssl\r\n# rpm -ql mod_ssl\r\n\/etc\/httpd\/conf.d\/ssl.conf      \/\/ httpd\u7684conf.d\u76ee\u5f55\u751f\u6210\u4e86\u4e00\u4e2assl.conf\u6587\u4ef6\r\n\/usr\/lib64\/httpd\/modules\/mod_ssl.so\r\n\/var\/cache\/mod_ssl\r\n\/var\/cache\/mod_ssl\/scache.dir\r\n\/var\/cache\/mod_ssl\/scache.pag\r\n\/var\/cache\/mod_ssl\/scache.sem<\/code><\/pre>\n<p>CA\u81ea\u7b7e\u8bc1\u4e66\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\"># pwd\r\n\/etc\/pki\/CA\r\n# (umask 077; openssl genrsa -out private\/cakey.pem 2048)    \/\/ \u62ec\u53f7\u8868\u793a\u4e00\u4e9b\u914d\u7f6e\u4ec5\u5728\u8fd9\u4e2a\u6307\u4ee4\u6bb5\u6709\u6548\r\nGenerating RSA private key, 2048 bit long modulus\r\n..........................+++\r\n...................................................................................+++\r\ne is 65537 (0x10001)\r\n# ls 
private\/\r\ncakey.pem<\/code><\/pre>\n<p>\u4fee\u6539\u9ed8\u8ba4\u7684\u914d\u7f6e\uff0c\u4e4b\u540e\u5c31\u4e0d\u7528\u5728\u751f\u6210\u8bc1\u4e66\u7684\u65f6\u5019\u9891\u7e41\u5199\u5165\u5185\u5bb9\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\"># vim \/etc\/pki\/tls\/openssl.cnf\r\n[ req_distinguished_name ]\r\ncountryName                     = Country Name (2 letter code)\r\ncountryName_default             = CN\r\ncountryName_min                 = 2\r\ncountryName_max                 = 2\r\n\r\nstateOrProvinceName             = State or Province Name (full name)\r\nstateOrProvinceName_default    = Beijing\r\n\r\nlocalityName                    = Locality Name (eg, city)\r\nlocalityName_default    = Beijing\r\n\r\n0.organizationName              = Organization Name (eg, company)\r\n0.organizationName_default      = skelchina\r\n\r\norganizationalUnitName          = Organizational Unit Name (eg, section)\r\norganizationalUnitName_default  = Tech\r\n\r\ncommonName                      = Common Name (eg, your name or your server\\'s hostname)\r\ncommonName_max                  = 64\r\n\r\nemailAddress                    = Email Address\r\nemailAddress_max                = 64<\/code><\/pre>\n<p>\u81ea\u7b7e\u8bc1\u4e66\uff0c\u4e00\u8def\u56de\u8f66\uff0c\u56e0\u4e3a\u662f\u81ea\u7b7e\uff0chostname\u65b9\u9762\u4e0d\u7528\u592a\u6ce8\u610f\uff0c\u4f46\u53d1\u7ed9\u522b\u7684\u4e3b\u673a\uff0c\u8981\u548c\u4e3b\u673a\u540d\uff08\u7f51\u7ad9\u7684\u4e3b\u673a\u540d\uff09\u4e00\u81f4\uff0c\u5426\u5219\u8b66\u544a\u3002<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\"># openssl req -new -x509 -key \/etc\/pki\/CA\/private\/cakey.pem -out cacert.pem -days 3655     \/\/ 
\u81ea\u7b7e\u8bc1\u4e66\uff0c\u4e00\u8def\u56de\u8f66\uff0c\u56e0\u4e3a\u662f\u81ea\u7b7e\uff0chostname\u65b9\u9762\u4e0d\u7528\u592a\u6ce8\u610f\uff0c\u4f46\u53d1\u7ed9\u522b\u7684\u4e3b\u673a\uff0c\u8981\u548c\u4e3b\u673a\u540d\uff08\u7f51\u7ad9\u7684\u4e3b\u673a\u540d\uff09\u4e00\u81f4\uff0c\u5426\u5219\u8b66\u544a\u3002\r\nYou are about to be asked to enter information that will be incorporated\r\ninto your certificate request.\r\nWhat you are about to enter is what is called a Distinguished Name or a DN.\r\nThere are quite a few fields but you can leave some blank\r\nFor some fields there will be a default value,\r\nIf you enter '.', the field will be left blank.\r\n-----\r\nCountry Name (2 letter code) [CN]:\r\nState or Province Name (full name) [Beijing]:\r\nLocality Name (eg, city) [Beijing]:\r\nOrganization Name (eg, company) [skelchina]:\r\nOrganizational Unit Name (eg, section) [Tech]:\r\nCommon Name (eg, your name or your server's hostname) []:ca.skelchina.com\r\nEmail Address []:admin@skelchina.com<\/code><\/pre>\n<p>\u5c06\/etc\/pki\/tls\/openssl.cnf\u91cc\u9762\u7684\u9ed8\u8ba4\u8def\u5f84\u7b49\u914d\u7f6e\u4e00\u4e0b\uff0c\u4ee5\u65b9\u4fbf\u7b7e\u7f72\u8bc1\u4e66\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\">[ CA_default ]\r\n\r\ndir             = \/etc\/pki\/CA           # Where everything is kept   \/\/ \u6587\u4ef6\u5b58\u653e\u76ee\u5f55\r\ncerts           = $dir\/certs            # Where the issued certs are kept\r\ncrl_dir         = $dir\/crl              # Where the issued crl are kept\r\ndatabase        = $dir\/index.txt        # database index file.\r\n#unique_subject = no                    # Set to 'no' to allow creation of\r\n                                        # several ctificates with same subject.\r\nnew_certs_dir   = $dir\/newcerts         # default place for new certs.\r\n\r\ncertificate     = $dir\/cacert.pem       # The CA certificate     \/\/ 
\u6211\u4eec\u751f\u6210cacert\u7684\u65f6\u5019\u5c31\u662f\u8fd9\u4e2a\u540d\u79f0\uff0c\u4e3a\u4e86\u65b9\u4fbf\u3002\r\nserial          = $dir\/serial           # The current serial number\r\ncrlnumber       = $dir\/crlnumber        # the current crl number\r\n\r\ncrl             = $dir\/crl.pem          # The current CRL\r\nprivate_key     = $dir\/private\/cakey.pem# The private key    \/\/ \u9ed8\u8ba4\u7684\u79c1\u94a5\u5730\u5740\uff0c\u5b9a\u4e49\u7684\u65f6\u5019\u4e5f\u6309\u7167\u8fd9\u4e2a\u540d\u79f0\u5b9a\u4e49\u7684\r\nRANDFILE        = $dir\/private\/.rand    # private random number file\r\n<\/code><\/pre>\n<p>\u51c6\u5907\u4e00\u4e9b\u76ee\u5f55\u3001\u6587\u4ef6\uff0c\u65b9\u4fbfhttpd\u670d\u52a1\u5668\u7684cert\u7b7e\u7f72\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\"># pwd\r\n\/etc\/pki\/CA\r\n# mkdir certs crl newcerts     \/\/ \u51c6\u5907\u7528\u5230\u7684\u76ee\u5f55\r\n# touch index.txt              \/\/ \u5efa\u7acb\u7d22\u5f15\u6587\u4ef6\r\n# echo 01 &gt; serial             \/\/ \u5c06\u5e8f\u5217\u53f7\u52a0\u5165\u5230\u6587\u4ef6\u4e4b\u4e2d<\/code><\/pre>\n<h3>\u4e8c\u3001http\u670d\u52a1\u5668\u751f\u6210cert\u7b7e\u7f72\u8bf7\u6c42\uff0c\u53d1\u9001\u7ed9CA\uff0c\u4ea4\u7531CA\u7b7e\u7f72<\/h3>\n<p>httpd\u670d\u52a1\u5668\u751f\u6210csr\u8bf7\u6c42\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\"># mkdir \/etc\/httpd\/ssl &amp;&amp; cd \/etc\/httpd\/ssl\r\n# (umask 077; openssl genrsa 2048 &gt; httpd.key)    \/\/ \u751f\u6210\u4e00\u4e2a\u5bc6\u94a5\uff0c\u53ef\u4ee5\u662f2048\u4f4d\r\nGenerating RSA private key, 2048 bit long modulus\r\n........................................++++++\r\n............++++++\r\ne is 65537 (0x10001)\r\n[root@MyLinux ssl]# ll\r\ntotal 4\r\n-rw------- 1 root root 887 Feb 13 07:22 httpd.key    \/\/ \u6743\u9650600\r\n[root@MyLinux ssl]# openssl req -new -key httpd.key -out httpd.csr    \/\/ \u751f\u6210csr\u6587\u4ef6\r\nYou are about to be asked to enter information that will 
be incorporated\r\ninto your certificate request.\r\nWhat you are about to enter is what is called a Distinguished Name or a DN.\r\nThere are quite a few fields but you can leave some blank\r\nFor some fields there will be a default value,\r\nIf you enter '.', the field will be left blank.\r\n-----\r\nCountry Name (2 letter code) [XX]:CN     \/\/ \u6ce8\u610f\u8981\u548cCA\u673a\u6784\u7684\u53c2\u6570\u5b8c\u5168\u4e00\u81f4\r\nState or Province Name (full name) []:Beijing\r\nLocality Name (eg, city) [Default City]:Beijing\r\nOrganization Name (eg, company) [Default Company Ltd]:SkelChina\r\nOrganizational Unit Name (eg, section) []:Tech\r\nCommon Name (eg, your name or your server's hostname) []:hello.skelchina.com    \/\/ \u7b7e\u7f72\u7684\u4e3b\u673a\u540d\uff0c\u5f88\u91cd\u8981\r\nEmail Address []:hello@skelchina.com   \/\/ \u4ee5\u4e0b\u7684\u4e0d\u91cd\u8981\uff0c\u53ef\u4ee5\u4e0d\u586b\u6216\u8005\u81ea\u5b9a\u4e49\r\n\r\nPlease enter the following 'extra' attributes\r\nto be sent with your certificate request\r\nA challenge password []:\r\nAn optional company name []:<\/code><\/pre>\n<p>\u590d\u5236\u5230CA\u4e3b\u673a\u5e76\u7b7e\u7f72\uff1a<\/p>\n<pre class=\"pure-highlightjs\"><code class=\"\"># scp httpd.csr 192.168.75.88:\/tmp\r\n[root@Lius CA]# openssl ca -in \/tmp\/httpd.csr -out \/tmp\/httpd.crt -days 3650    \/\/ CA\u7aef\u7b7e\u7f72\r\nUsing configuration from \/etc\/pki\/tls\/openssl.cnf\r\nCheck that the request matches the signature\r\nSignature ok\r\nCertificate Details:\r\n        Serial Number: 1 (0x1)\r\n        Validity\r\n            Not Before: Feb 13 12:38:26 2018 GMT\r\n            Not After : Feb 11 12:38:26 2028 GMT\r\n        Subject:\r\n            countryName               = CN\r\n            stateOrProvinceName       = Beijing\r\n            organizationName          = SkelChina\r\n            organizationalUnitName    = Tech\r\n            commonName                = hello.skelchina.com\r\n            emailAddress            
  = admin@hello.com\r\n        X509v3 extensions:\r\n            X509v3 Basic Constraints: \r\n                CA:FALSE\r\n            Netscape Comment: \r\n                OpenSSL Generated Certificate\r\n            X509v3 Subject Key Identifier: \r\n                0C:A6:4C:B5:7F:E0:6C:CF:BC:64:53:82:7A:66:CA:1F:8E:FB:87:EF\r\n            X509v3 Authority Key Identifier: \r\n                keyid:C1:1C:CE:6B:98:99:45:C6:C3:E2:DA:85:C3:F8:E8:2B:3E:06:EC:7E\r\n\r\nCertificate is to be certified until Feb 11 12:38:26 2028 GMT (3650 days)\r\nSign the certificate? [y\/n]:y    \/\/ \u662f\u5426\u7b7e\u7f72\uff0c\u952e\u5165y\r\n\r\n\r\n1 out of 1 certificate requests certified, commit? [y\/n]y    \/\/ \u63d0\u4ea4\u952e\u5165y\r\nWrite out database with 1 new entries\r\nData Base Updated\r\n\r\n[root@Lius CA]# cat index.txt    \/\/ \u67e5\u770bindex\u548cserial\uff0c\u53ef\u4ee5\u53d1\u73b0\u5185\u5bb9\u6539\u53d8\u4e86\u3002\r\nV\t280211123826Z\t\t01\tunknown\t\/C=CN\/ST=Beijing\/O=SkelChina\/OU=Tech\/CN=hello.skelchina.com\/emailAddress=admin@hello.com\r\n[root@Lius CA]# cat serial\r\n02<\/code><\/pre>\n<h3>\u4e09\u3001http\u670d\u52a1\u5668\u590d\u5236cert\u8fc7\u6765\uff0c\u5e76\u8fdb\u884chttps\u914d\u7f6e<\/h3>\n<pre class=\"pure-highlightjs\"><code class=\"\">[root@MyLinux ssl]# scp 192.168.75.88:\/tmp\/httpd.crt .\/\r\n[root@MyLinux ssl]# ls\r\nhttpd.crt  httpd.csr  httpd.key\r\n\u6ce8\u610f\u5220\u9664CA\u91cc\u9762\u751f\u6210\u7684crt\u6587\u4ef6\u548ccsr\u6587\u4ef6\r\n# cd \/etc\/httpd\/conf.d\r\n# cp ssl.conf ssl.conf.bak        \/\/ \u5148\u5907\u4efd\u4e00\u4e0b\r\n# vim ssl.conf              \/\/ \u7f16\u8f91\u4e00\u4e0b\u914d\u7f6e\u6587\u4ef6\r\n\r\nLoadModule ssl_module modules\/mod_ssl.so   \/\/ \u8f7d\u5165\u4e86\u4e00\u4e2a\u6a21\u5757\r\nListen 443\r\nSSLPassPhraseDialog  builtin\r\nSSLSessionCache         shmcb:\/var\/cache\/mod_ssl\/scache(512000)\r\nSSLSessionCacheTimeout  300\r\nSSLMutex default\r\nSSLRandomSeed startup file:\/dev\/urandom  
256\r\nSSLRandomSeed connect builtin\r\nSSLCryptoDevice builtin\r\n\r\n# &lt;VirtualHost _default_:443&gt;     \/\/ \u5982\u679c\u6709\u591a\u4e2aip\uff0c\u8981\u914d\u7f6e\u7279\u5b9a\u7684ip\r\n&lt;VirtualHost 192.168.75.55:443&gt;\r\nServerName hello.skelchina.com    \/\/ \u6307\u5b9aServerName, \u56e0\u4e3a\u53ea\u63d0\u4f9b\u4e00\u4e2a\u865a\u62df\u4e3b\u673a\u7684ssl\u3002\r\nDocumentRoot \"\/www\/skelchina\"     \/\/ \u8981\u548c\u4e0d\u4f7f\u7528ssl\u7684\u8def\u5f84\u76f8\u540c\r\nErrorLog logs\/ssl_error_log\r\nTransferLog logs\/ssl_access_log    \/\/ \u4e0d\u518d\u53ebCustomLog\u4e86\r\nLogLevel warn   \/\/ \u65e5\u5fd7\u7ea7\u522b\u5355\u72ec\u5b9a\u4e49\u4e86\r\nSSLEngine on    \/\/ \u662f\u5426\u542f\u52a8\uff0c\u5f88\u5173\u952e\r\nSSLProtocol all -SSLv2    \/\/ \u652f\u6301\u7684ssl\u7248\u672c\uff0c-SSLv2\uff0c\u5219\u4ec5\u652f\u6301SSLv3, TLSv1\uff1bSSLv3\u5df2\u4e0d\u5b89\u5168\uff08POODLE\uff09\uff0c\u975e\u6d4b\u8bd5\u73af\u5883\u5e94\u5199\u6210 SSLProtocol all -SSLv2 -SSLv3\r\nSSLCipherSuite DEFAULT:!EXP:!SSLv2:!DES:!IDEA:!SEED:+3DES\r\nSSLCertificateFile \/etc\/httpd\/ssl\/httpd.crt        \/\/ \u8bc1\u4e66\u6587\u4ef6\r\nSSLCertificateKeyFile \/etc\/httpd\/ssl\/httpd.key     \/\/ \u79c1\u94a5\u5730\u5740\r\n&lt;Files ~ \"\\.(cgi|shtml|phtml|php3?)$\"&gt;\r\n    SSLOptions +StdEnvVars\r\n&lt;\/Files&gt;\r\n&lt;Directory \"\/var\/www\/cgi-bin\"&gt;\r\n    SSLOptions +StdEnvVars\r\n&lt;\/Directory&gt;\r\n\r\nSetEnvIf User-Agent \".*MSIE.*\" \\\r\n         nokeepalive ssl-unclean-shutdown \\\r\n         downgrade-1.0 force-response-1.0\r\n\t\t \r\nCustomLog logs\/ssl_request_log \\\r\n          \"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\\"%r\\\" %b\"\r\n&lt;\/VirtualHost&gt;\r\n\r\n\u5176\u4ed6\u4fe1\u606f\u4e0d\u7528\u7ba1\uff0c\u76f4\u63a5\u4fdd\u5b58\u9000\u51fa\u5373\u53ef\u3002\r\n# httpd -t    \/\/ \u68c0\u67e5\u8bed\u6cd5\r\nSyntax OK\r\n[root@MyLinux conf.d]# !ser   \/\/ \u91cd\u542f\u670d\u52a1\u5668\r\nservice httpd restart\r\nStopping httpd:                                            [  OK  ]\r\nStarting httpd:                                            [  OK  
]<\/code><\/pre>\n<h3>\u56db\u3001\u590d\u5236CA\u670d\u52a1\u5668\u7684cacert.pem\u5230windows\u5e76\u5b89\u88c5<\/h3>\n<p>\u590d\u5236CA\u670d\u52a1\u5668\u7684cacert.pem\u5230windows\uff0c\u4fee\u6539\u540d\u79f0\u4e3acacert.crt\uff0c\u53cc\u51fb\u5b89\u88c5\u8bc1\u4e66\u4e3a&#8221;\u53d7\u4fe1\u4efb\u7684\u6839\u8bc1\u4e66\u9881\u53d1\u673a\u6784&#8221;\uff0c\u7528https:\/\/hello.skelchina.com\u8bbf\u95ee\uff0c\u53d1\u73b0\u53ef\u4ee5\u8bbf\u95ee\u4e86\u3002<br \/>\n\u4e0d\u8fc7\uff0c\u5373\u4f7f\u8fd9\u6837\uff0c\u6d4f\u89c8\u5668\u4e5f\u4f1a\u63d0\u793a\u9519\u8bef\uff0c\u5728\u9ad8\u7ea7\u91cc\u9762\u53ef\u4ee5\u6dfb\u52a0\u4f8b\u5916\uff0c\u8fd9\u6837\u5c31\u80fd\u8bbf\u95ee\u4e86\u3002\uff08\u53ef\u80fd\u7684\u539f\u56e0\uff1a\u4e0a\u9762\u7b7e\u7f72\u7684\u8bc1\u4e66\u6ca1\u6709subjectAltName\u6269\u5c55\uff0c\u800c\u65b0\u7248\u6d4f\u89c8\u5668\u4e0d\u518d\u7528CN\u6821\u9a8c\u4e3b\u673a\u540d\uff1b\u672a\u9a8c\u8bc1\u3002\uff09<\/p>\n<p><a href=\"http:\/\/www.liutianfeng.com\/wp-content\/uploads\/2018\/02\/sslhttpd.jpg\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-480\" src=\"http:\/\/www.liutianfeng.com\/wp-content\/uploads\/2018\/02\/sslhttpd.jpg\" alt=\"\" width=\"761\" height=\"215\" srcset=\"https:\/\/www.liutianfeng.com\/wp-content\/uploads\/2018\/02\/sslhttpd.jpg 761w, https:\/\/www.liutianfeng.com\/wp-content\/uploads\/2018\/02\/sslhttpd-300x85.jpg 300w\" sizes=\"(max-width: 761px) 100vw, 761px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>\u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1a<a href=\"https:\/\/www.liutianfeng.com\">liutianfeng.com<\/a> &raquo; <a href=\"https:\/\/www.liutianfeng.com\/?p=479\">https\u529f\u80fd\u5b9e\u73b0-\u81ea\u7b7e\u8bc1\u4e66\u6d4b\u8bd5<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>\u8bc1\u4e66\u67e5\u770b\u65e5\u671f\uff1a #openssl x509 -in ufk.yonyouup.com.crt -noout &#8211; 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[36],"tags":[],"_links":{"self":[{"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=\/wp\/v2\/posts\/479"}],"collection":[{"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=479"}],"version-history":[{"count":4,"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=\/wp\/v2\/posts\/479\/revisions"}],"predecessor-version":[{"id":1097,"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=\/wp\/v2\/posts\/479\/revisions\/1097"}],"wp:attachment":[{"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=479"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=479"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.liutianfeng.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=479"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}