我遵循本教程为我的AWS SSL csr.pem生成了private-key.pem和csr.pem 。 一切顺利,但现在我需要设置Apache,并需要3个文件。
SSLCertificateFile /etc/pki/tls/certs/public.crt SSLCertificateKeyFile /etc/pki/tls/certs/private.key SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt
从我的文件private-key.pem , csr.pem , cert.pem和ca.pem
我怎样才能生成public.crt , private.key和intermediate.crt ?
这里是我的.conf条目
<VirtualHost *:80> DirectoryIndex index.html index.php ServerName www.mydomain.com ServerAlias mydomain.com DocumentRoot /var/www/mydomain.com ErrorLog /var/log/conf.log <Directory /var/www/mydomain.com> AllowOverride All Allow from all </Directory> </VirtualHost> <VirtualHost *:443> DirectoryIndex index.html index.php ServerAdmin [email protected] DocumentRoot /var/www/mydomain.com ServerName www.mydomain.com ErrorLog /var/log/conf.log SSLEngine on SSLProtocol all SSLCertificateFile /etc/pki/tls/certs/cert.pem SSLCertificateKeyFile /etc/pki/tls/certs/private-key.pem SSLCertificateChainFile /etc/pki/tls/certs/ca.pem #ServerPath /home <Directory "/var/www/mydomain.com"> </Directory> </VirtualHost> SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 Mutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin
不要被文件扩展名所迷惑 – 它们在Unix系统上的意义不大。
SSLCertificateKeyFile应该指向一个PEM格式的密钥文件,你的私钥key.pem应该都准备好了。 所以你可以在你的Apacheconfiguration中指向它。
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatekeyfile