Saturday, September 4, 2021

Generating a CSR File and Setting Up SSL on the Server

Enable the ssl module

See the 2018 SSL installation post:

PHP 業餘玩家: SSL Installation (beclass.blogspot.com)

a2enmod ssl
Enable the ssl virtual host
a2ensite default-ssl
Restart Apache
sudo service apache2 restart
Edit the certificate paths (private.key, public.crt/pem)
sudo nano /etc/apache2/sites-enabled/default-ssl.conf

**Remember that port 443 must be open on the firewall
-------------------------
 SSLCertificateFile        /etc/ssl/6123456.crt
 SSLCertificateKeyFile     /etc/ssl/your_own.key
 SSLCertificateChainFile   /etc/ssl/gd_bundle-g2-g1.crt
--------------------------------------------------------
The .crt file is sent to everything that connects; it is public.
 (chown root:root and chmod 644)
Basically, for the crt:

sudo chmod 755 /etc/ssl/ur_own_define_ssl_folder
sudo chown -R root:root /etc/ssl/ur_own_define_ssl_folder/
sudo chmod 644 /etc/ssl/ur_own_define_ssl_folder/*.crt

The private key goes in the private key location; make sure it is properly secured as well as stored there. (chown root:ssl-cert and chmod 640)

sudo chmod 710 /etc/ssl/private
sudo chown -R root:ssl-cert /etc/ssl/private/
sudo chmod 640 /etc/ssl/private/*.key

----------------------------------------------------------------------
apache2ctl configtest
Restart Apache2 service
sudo service apache2 restart

or

sudo systemctl restart apache2.service
-----------------------------------------------------------

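Generating the CSR file

After logging in as root, run the following (您的網域 is a placeholder meaning "your domain"; substitute your own domain name):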

openssl req -new -newkey rsa:2048 -nodes -keyout  您的網域.key -out 您的網域.csr

Explanation:

You will need to provide the following information for your CSR:
Country Name (2 letter code) [AU]: TW
State or Province Name (full name) [Some-State]: Taiwan
Locality Name (eg, city) []: Taipei 
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Hello Company
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: www.website.com (the website's address)
Email Address []: service@website.com

Please enter the following ‘extra’ attributes to be sent with your certificate request

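A challenge password []: (just press Enter)
An optional company name []: (just press Enter)

Open the CSR in a text editor and copy its entire text content.
Paste the entire CSR into the SSL enrollment form in your account.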
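
A pre-flight check for the steps above, as an added example that is not part of the original post: it confirms that a CSR or an issued certificate carries the same public key as the private key, and that the key file's permissions are no looser than the 640 set earlier. The function names and the script's argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the public key (PEM) held in a private key, CSR or certificate.
#   $1 = key|csr|crt   $2 = path to PEM file
pubkey_pem() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files parse and carry the same public key.
# An unparsable file is a failure, never a match.
#   $1/$2 = type and path of the first file, $3/$4 = type and path of the second
same_pubkey() {
    a=$(pubkey_pem "$1" "$2") || return 1
    b=$(pubkey_pem "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the key is a regular file with no group write/execute
# and no access for others (0640 as used above, or stricter such as 0600).
key_perms_ok() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        -???[r-]-----) return 0 ;;
        *)             return 1 ;;
    esac
}

# Usage: sh check.sh KEY csr|crt FILE
if [ "$#" -eq 3 ]; then
    key_perms_ok "$1"              || { echo "FAIL: $1 permissions too open" >&2; exit 1; }
    same_pubkey key "$1" "$2" "$3" || { echo "FAIL: $3 does not match $1" >&2; exit 1; }
    echo "OK: $3 matches $1 and key permissions are restrictive"
fi
```

Run it once against the CSR before submitting it, and again against the issued .crt before `apache2ctl configtest`; a mismatch at either point means the wrong key file is referenced in `SSLCertificateKeyFile`.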