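1. Generate a certificate signing request (CSR) on the server:
openssl req -new -newkey rsa:2048 -nodes -keyout hug.app.key -out hug.app.csr
Note: when the command finishes, two files, the key and the CSR, are created in the /root/ directory on the server. Because of -nodes the private key is written unencrypted, so keep the key file readable only by root.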
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: country
State or Province Name (full name) [Some-State]: province
Locality Name (eg, city) []: city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: company name
Organizational Unit Name (eg, section) []: organizational unit name
Common Name (e.g. server FQDN or YOUR name) []: the domain name that needs SSL
Email Address []: e-mail address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: may be left blank
An optional company name []: may be left blank
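2. On the GoDaddy SSL certificate management page, enter the certificate signing request (CSR), that is, the contents of the csr file just generated on the server, then submit it and wait for the certificate to be issued.
3. Once the review is complete (this may take a long time, so be patient), download the certificate for your server type and place it in the /root/ directory on the server. Taking Apache as an example (two crt files and one pem file), merge the two crt files: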
cat b5ad1ed09b8e5119.crt gd_bundle-g2-g1.crt > hug.app.crt
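Note: the order matters: 53….crt must come first and gd_…crt second.
4. Verify that the key and the certificate match (identical output means they match):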
openssl x509 -noout -modulus -in hug.app.crt | openssl md5
(stdin)= 3638b45d2bec6eb1f12dd64cd364ff05
openssl rsa -noout -modulus -in hug.app.key | openssl md5
(stdin)= 3638b45d2bec6eb1f12dd64cd364ff05
5. Place the merged crt certificate and the key file in the /etc/apache2/ssl/ directory and configure Apache:
SSLCertificateFile /etc/apache2/ssl/hug.app.crt
SSLCertificateKeyFile /etc/apache2/ssl/hug.app.key
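
The checks from steps 3 and 4 as a reusable script; this is an added example, not part of the original procedure. It compares public keys instead of MD5 modulus hashes, so it also works for non-RSA keys, and because openssl x509 reads only the first certificate in a file it also catches a merged file in the wrong order. The function names and the throwaway demo CA built by make_demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are illustrative.

# check_pair KEY MERGED_CRT
# Returns 0 if the private key matches the FIRST certificate in MERGED_CRT,
# 1 on mismatch, 2 if either file cannot be parsed.
# openssl x509 reads only the first PEM block, so a merged file with the
# bundle placed before the server certificate is reported as a mismatch.
check_pair() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$kpub" = "$cpub" ] || return 1
}

# count_certs FILE: number of certificates in a PEM file.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# make_demo DIR: build constructed test material (a throwaway CA and a
# server certificate) so the checks can be tried without real files.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/site.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/site.crt" 2>/dev/null &&
    cat "$d/site.crt" "$d/ca.crt" > "$d/good.crt" &&
    cat "$d/ca.crt" "$d/site.crt" > "$d/swapped.crt"
}

# Command-line use: sh check_pair.sh hug.app.key hug.app.crt
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
    case $? in
        0) echo "OK: key matches first of $(count_certs "$2") certificate(s)" ;;
        1) echo "MISMATCH: wrong key, or server certificate is not first" ;;
        *) echo "ERROR: could not parse key or certificate" ;;
    esac
fi
```

In make_demo, good.crt has the server certificate first and swapped.crt has the CA first, mirroring the ordering note in step 3.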