Lao Zuo's previous comments on SSL Certificate Installation In this article, the application and installation of certificates are basically completed in the Nginx environment, and the installation of SSL certificates in the Apache environment is relatively rare. A few days ago, there was a netizen project that needed to configure the certificate you applied for in the Apache environment. It's not good that Let's Encrypt automatically applied for it in his panel (fortunately, people bought the paid certificate).
Whether we use the one click package LAMP or the pagoda panel, the installation method is similar, except that some configuration files are not in a specific directory, and we need to find the corresponding file path according to different configuration WEB environments. In the future, if you encounter a specific panel environment or one click package, you can share it separately. Today, we mainly share the general method of modifying the certificate configuration SSL under Linux Apache.
First, preparations
1. Backup is important
If we are really not familiar with it, we still need to back up the system environment or website data first to ensure that the data can be recovered in case of system failure. Or we can test in a similar test environment first, and then operate in the production environment after skilled workers.
2. Request SSL Certificate
Whether we apply for free certificates or paid certificates, we usually apply for an SSL certificate package, including certificates for Apache, Nginx and other environments. Here we only need to use the certificate of the Apache environment. There are three files (two. crt files and one. key file).
3. Certificate upload
Upload the three certificate files to our corresponding management directory. Here we put them in the apache/conf/ssl directory.
Second, modify the configuration file
httpd.conf
We need to modify the configuration file and remove the # in front of the two files.
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd-ssl.conf
If the shmcb error occurs later, you can refer to“ Resolve the problem of "SSLSessionCache: 'shmcb' session cache not supported" "Article, and then remove the # comment in front of" LoadModule socache_shmcb_module modules/mod_socache_shmcb.so ".
![Sorting out methods for configuring SSL certificates in general Linux Apache Web environment](https://images.laozuo.org/wp-content/uploads/2017/12/apache-ssl-1.jpg)
Third, add certificate configuration
extra/httpd-ssl.conf
Here we need to configure the certificate in the httpd-ssl.conf file.
VirtualHost _default_:443
Find the script location and add it directly below
DocumentRoot "/www/wwwroot/www.laobuluo.com"
ServerName www.laobuluo.com:443
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
SSLCertificateFile /www/server/apache/conf/ssl/laobuluo.com.crt
SSLCertificateKeyFile /www/server/apache/conf/ssl/laobuluo.com.key
SSLCertificateChainFile /www/server/apache/conf/ssl/laobuluo.com_bundle.crt
Refer to similar, and then replace the directory and certificate directory corresponding to the site in our server with our own file. There are three certificate files in total.
![Sorting out the methods of configuring SSL certificates in the general Linux Apache Web environment - Page 2 Sorting out the methods of configuring SSL certificates in the general Linux Apache Web environment - Page 2](https://images.laozuo.org/wp-content/uploads/2017/12/apache-ssl-2.jpg)
At the same time, we need to add # in front of the fixed certificate path in front of "SSLCertificateFile" and "SSLCertificateKeyFile" in the following places, because we have added it.
Fourth, restart Apache to take effect
service httpd restart
This depends on our system restart command. Some are not. Check whether it takes effect after restart. By default, http does not automatically jump to https. We need to set it in. htaccess of the current site( Apache modifies the. htaccess file to enforce HTTPS address access )。
Scan the code to follow the official account
Get more news about webmaster circle!
Entrepreneurship, operation and new knowledge