Manual:Installing MediaWiki With SSL/zh

=Environment=
RHEL5.5 X64

=Create the private key=
 [root@wiki certs]# pwd
 /etc/pki/tls/certs
 [root@wiki certs]# make server.key
 umask 77 ; \
 /usr/bin/openssl genrsa -des3 1024 > server.key
 Generating RSA private key, 1024 bit long modulus
 ................++++++
 ........++++++
 e is 65537 (0x10001)
 Enter pass phrase: (enter the passphrase)
 Verifying - Enter pass phrase: (enter the passphrase again)

=Certificate Signing Request (CSR)=
 [root@wiki certs]# make server.csr
 umask 77 ; \
 /usr/bin/openssl req -utf8 -new -key server.key -out server.csr
 Enter pass phrase for server.key: (private key passphrase)
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [GB]:CN
 State or Province Name (full name) [Berkshire]:BeiJin
 Locality Name (eg, city) [Newbury]:BeiJin
 Organization Name (eg, company) [My Company Ltd]:atyu30.org
 Organizational Unit Name (eg, section) []:
 Common Name (eg, your name or your server's hostname) []:wiki.atyu30.org
 Email Address []:ipostfix@gmail.com

 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:wiki.atyu30.org
 An optional company name []:wiki.atyu30.org

=Create the CA (self-signed certificate)=
 [root@wiki certs]# openssl x509 -in server.csr -req -signkey server.key -days 365 -out server.crt
 Signature ok
 subject=/C=CN/ST=BeiJin/L=BeiJin/O=atyu30.org/CN=wiki.atyu30.org/emailAddress=ipostfix@gmail.com
 Getting Private key
 Enter pass phrase for server.key:

=Install Apache SSL=
 yum install httpd mod_ssl

=Install the certificate=
 [root@wiki certs]# ls server.*
 server.crt server.csr  server.key

Finally, adjust /etc/httpd/conf.d/ssl.conf so that it correctly references the certificate we created, then start the service.

 [root@wiki conf.d]# cat ssl.conf
 .............
 SSLCertificateFile /script/server.crt
 SSLCertificateKeyFile /script/server.key
 ..................

Adjust the other settings yourself as needed, such as the commented-out #DocumentRoot line.
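The following shell function is an added example, not part of the original manual. It checks a certificate/key pair before ssl.conf is pointed at it: the certificate must belong to the key, the RSA key must meet a minimum size (2048 bits by default, an assumption; the Makefile run above produced a 1024-bit key), and the key file must not be accessible to group or other. The names check_cert_pair and make_sample_pair and the wiki.example.org subject are hypothetical.

```shell
#!/bin/sh
# Added example (not from the manual): check a certificate/key pair
# before referencing it from ssl.conf.
# Usage: check_cert_pair CERT KEY [MIN_BITS]   (MIN_BITS default 2048 is an assumption)
check_cert_pair() {
    cert=$1; key=$2; min_bits=${3:-2048}; rc=0

    # Public modulus of the certificate and of the private key.
    # A key created with "genrsa -des3" prompts for its passphrase here.
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus) || return 2
    key_mod=$(openssl rsa -in "$key" -noout -modulus) || return 2
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "FAIL: $cert does not belong to $key (modulus differs)"; rc=1
    fi

    # RSA key size from the modulus length: 4 bits per hex digit.
    hex=${key_mod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    if [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: $key is $bits-bit RSA, below the $min_bits-bit minimum"; rc=1
    fi

    # The Makefile writes the key under "umask 77"; flag group/other access.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key mode allows group/other access ($perms)"; rc=1
    fi

    # Print subject and expiry for comparison with the virtual host name.
    openssl x509 -in "$cert" -noout -subject -enddate
    return $rc
}

# Constructed sample pair for trying the check (placeholder subject, no passphrase).
# Usage: make_sample_pair DIR [BITS]
make_sample_pair() {
    dir=$1; key_bits=${2:-2048}
    ( umask 77
      openssl genrsa -out "$dir/server.key" "$key_bits" 2>/dev/null &&
      openssl req -new -key "$dir/server.key" -subj "/CN=wiki.example.org" \
          -out "$dir/server.csr" &&
      openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
          -days 365 -out "$dir/server.crt" 2>/dev/null )
}
```

With the paths from the ssl.conf excerpt above, the call would be check_cert_pair /script/server.crt /script/server.key.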

=HTTP SSL virtual host configuration=
 [root@wiki conf.d]# cat /etc/httpd/conf.d/ssl.conf | grep -v ^# | grep -v ^$ > wiki.atyu30.org.conf

Add to /etc/httpd/conf/httpd.conf:

 NameVirtualHost *:443

=Start httpd=
 [root@wiki conf.d]# /etc/init.d/httpd start
 启动 httpd：[Fri Oct 29 22:50:55 2010] [error] VirtualHost *:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
 [确定]
 [root@wiki conf.d]# httpd -S
 [Fri Oct 29 23:07:33 2010] [error] VirtualHost *:443 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
 VirtualHost configuration:
 wildcard NameVirtualHosts and _default_ servers:
          default server wiki.atyu30.org (/etc/httpd/conf.d/wiki.atyu30.org.conf:15)
          port 443 namevhost wiki.atyu30.org (/etc/httpd/conf.d/wiki.atyu30.org.conf:15)
 Syntax OK

Solution:
 * is a NameVirtualHost

Add to /etc/httpd/conf/httpd.conf:

 NameVirtualHost *:443