準備
apache_1.3.29.tar.gz from http://httpd.apache.org/
openssl-0.9.7c.tar.gz from http://www.openssl.org/
php-4.3.3.tar.gz from http://www.php.net/
mod_ssl-2.8.16-1.3.29.tar.gz from http://www.modssl.org/
解壓全部
cd openssl-0.9.7c
./config -fPIC
make
make install
cd ../mod_ssl-2.8.16-1.3.29
./configure --with-apache=../apache_1.3.29 --with-ssl=../openssl-0.9.7c --prefix=/usr/local/apache
cd ../apache_1.3.29
./configure --prefix=/usr/local/apache --sysconfdir=/usr/local/apache/conf --enable-module=so \
--enable-shared=ssl --enable-module=ssl --enable-module=rewrite --enable-shared=rewrite
make
make certificate
STEP 0: Decide the signature algorithm used for certificate
The generated X.509 CA certificate can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:D (選 DSA)
WARNING! You're generating a DSA based certificate/key pair.
This implies that RSA based ciphers won't be available later,
which for your web server currently still means that mostly all
popular web browsers cannot connect to it. At least not until
you also generate an additional RSA based certificate/key pair
and configure them in parallel.
______________________________________________________________________
STEP 1: Generating DSA private key (1024 bit) [server.key]
Generating DSA private key via SnakeOil CA DSA parameters
109338882 semi-random bytes loaded
Generating DSA key, 1024 bits
______________________________________________________________________
STEP 2: Generating X.509 certificate signing request [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Leave a comment