How to install ssl certificate in apache

How to install ssl certificate on apache

Now most websites are https, https is more secure than http, browsing When accessing an https website, there will be a small lock in front of the address bar. Let me explain to you how to add https to your website.

Paid SSL certificates are very expensive. As individual webmasters, we can choose free SSL certificates. Domain name service providers such as Tencent Cloud and Alibaba Cloud will provide free application channels.

Apply for a certificate Download the Apache version certificate in the certificate console.

Friendly reminder: The certificate file with the .crt extension uses a Base64-encoded PEM format text file, which can be modified to a .pem or other extension as needed.

Take the Apache standard configuration as an example. If the certificate file name is a_public.crt, the certificate chain file is a_chain.crt, and the private key file is a .key.

Operation steps

1. Create the cert directory in the Apache installation directory, and copy all the downloaded files to the cert directory. If you create a CSR file yourself when applying for a certificate, please put the corresponding private key file in the cert directory and name it a.key;

2. Open httpd.conf in the conf directory under the apache installation directory file, find the following content and remove the "#".

#LoadModule ssl_module modules/mod_ssl.so (如果找不到请确认是否编译过 openssl 插件)
#Include conf/extra/httpd-ssl.conf（删除行首的配置语句注释符号“#”，保存后退出）

Remove the # in front of lines 138 and 505

3. Open the conf/extra/httpd-ssl.conf file in the apache installation directory (also It may be conf.d/ssl.conf, related to the operating system and installation method). Find the following configuration statement in the configuration file:

# 添加 SSL 协议支持协议，去掉不安全的协议
SSLProtocol all -SSLv2 -SSLv3
# 修改加密套件如下
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLHonorCipherOrder on
# 证书公钥配置
SSLCertificateFile cert/a_public.crt
# 证书私钥配置
SSLCertificateKeyFile cert/a.key
# 证书链配置，如果该属性开头有 '#'字符，请删除掉
SSLCertificateChainFile cert/a_chain.crt

4. Restart Apache.

For more Apache related knowledge, please visit the Apache usage tutorial column!

The above is the detailed content of How to install ssl certificate in apache. For more information, please follow other related articles on the PHP Chinese website!