Apache安装SSL证书

1.创建私钥(可选,用于申请证书):

openssl genrsa 2048 > private-key.pem

2.创建证书签名 (CSR,可选):

openssl req -new -key private-key.pem -out csr.pem

3.上传到服务器:

scp ./STAR_yourdomain_com/* yourdomain:/etc/pki/tls/private/

4.合并正规渠道获得的证书:

cat STAR_yourdomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

5.配置Apache(不再累述详细配置过程):

<VirtualHost *:443>
  ServerName *.yourdomain.com
  SSLEngine on

  SSLCertificateFile /etc/pki/tls/private/STAR_yourdomain_com.crt
  SSLCertificateKeyFile /etc/pki/tls/private/STAR_yourdomain_com.key
  SSLCertificateChainFile /etc/pki/tls/private/ssl-bundle.crt
  SSLCACertificateFile /etc/pki/tls/private/AddTrustExternalCARoot.crt
</VirtualHost>