Friday, December 30, 2016

[Research] Installing Apache 2.4.25 (https) + OpenSSL 1.0.1e (yum) on CentOS 7.3


2016-12-30

On CentOS 7.3, yum can currently install httpd only up to version 2.4.6; the steps below are for installing version 2.4.25.

[root@localhost conf]# yum list | grep httpd.x86_64
httpd.x86_64                               2.4.6-45.el7.centos         base
libmicrohttpd.x86_64                       0.9.33-2.el7                base

[root@localhost conf]# yum list | grep openssl.x86_64
openssl.x86_64                             1:1.0.1e-60.el7             @anaconda
apr-util-openssl.x86_64                    1.5.2-6.el7                 base
xmlsec1-openssl.x86_64                     1.2.20-5.el7                base
[root@localhost conf]#

Install and start

yum  -y  install  openssl-devel  apr-util-devel  pcre-devel  gcc

cd  /usr/local/src
wget  http://apache.stu.edu.tw//httpd/httpd-2.4.25.tar.gz
tar  xvfz httpd-2.4.25.tar.gz
cd  httpd-2.4.25
./configure --enable-ssl --enable-cgid --enable-rewrite --enable-so
make
make install

echo  "LoadModule ssl_module modules/mod_ssl.so"  >>  /usr/local/apache2/conf/httpd.conf
echo  "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so"  >>  /usr/local/apache2/conf/httpd.conf
echo  "Include conf/extra/httpd-ssl.conf"  >>  /usr/local/apache2/conf/httpd.conf

cd  /usr/local/apache2/conf
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

/usr/local/apache2/bin/httpd  -k  restart


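If you encrypt the private key with AES256, openssl asks for a pass phrase of at least 4 characters, and httpd asks for it again every time it starts, which is a bit of a hassle.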

[root@localhost conf]# openssl genrsa -aes256 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................+++
....................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
139640097662880:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:869:You must type in 4 to 8191 characters
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
[root@localhost conf]#


[root@localhost conf]# /usr/local/apache2/bin/httpd -k restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
httpd not running, trying to start
[root@localhost conf]#
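
As an added example (not part of the original post), the script below reports which of the two cases above a key file is in before httpd is restarted: an encrypted key that will prompt for its pass phrase, or an unencrypted one, which should then be readable by its owner only. The function names and the sample key files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-restart audit of an httpd private key file.
# Function names are hypothetical; sample key bodies are constructed placeholders.

# Print "encrypted", "plaintext" or "not-a-key" for a PEM private key file.
key_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo encrypted      # e.g. written by "openssl genrsa -aes256"
    elif grep -q -e '^-----BEGIN RSA PRIVATE KEY-----' \
                 -e '^-----BEGIN PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo plaintext      # e.g. written by "openssl genrsa" with no cipher
    else
        echo not-a-key
    fi
}

# Succeed only if group and other have no permission bits on the file.
owner_only() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# One-line verdict: what happens at "httpd -k restart" and what to fix first.
audit_key() {
    case "$(key_state "$1")" in
        encrypted) echo "PROMPT: httpd asks for the pass phrase at start" ;;
        plaintext)
            if owner_only "$1"; then echo "OK: plaintext key, owner-only"
            else echo "FIX: plaintext key readable by others (chmod 600)"; fi ;;
        *) echo "ERROR: no PEM private key in file"; return 1 ;;
    esac
}

# Write a constructed sample key file: make_sample <plain|aes> <path> <mode>
make_sample() {
    {
        printf '%s\n' "-----BEGIN RSA PRIVATE KEY-----"
        if [ "$1" = aes ]; then
            printf '%s\n' "Proc-Type: 4,ENCRYPTED" "DEK-Info: AES-256-CBC,00000000000000000000000000000000" ""
        fi
        printf '%s\n' "CONSTRUCTED-PLACEHOLDER" "-----END RSA PRIVATE KEY-----"
    } > "$2"
    chmod "$3" "$2"
}

# Audit a real key when a path is given, e.g. /usr/local/apache2/conf/server.key
if [ "$#" -gt 0 ]; then audit_key "$1"; fi
```

Run with the key path as the only argument; the check reads the PEM header and the file mode only and never needs the pass phrase.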

(End)

Related

[Research] Installing Apache 2.4.25 (https) + OpenSSL 1.0.1e (yum) on CentOS 7.3

[Research] Apache HTTPd Web Server 2.4.6 + HTTPS (SSL) yum installation (CentOS 7.2 x64)
http://shaurong.blogspot.com/2016/08/apache-httpd-web-server-246-https-ssl.html

