[root@up04 conf]# cd /etc/pki/tls/certs/
[root@up04 certs]# rm localhost.c* -rf
[root@up04 certs]# rm ../private/localhost.key
rm: remove regular file `../private/localhost.key'? y
[root@up04 certs]#
[root@up04 certs]# make genkey
umask 77 ; \
    /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key
Generating RSA private key, 2048 bit long modulus
.............+++
...........+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@up04 certs]#
[root@up04 certs]# make certreq
umask 77 ; \
    /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.csr
Enter pass phrase for /etc/pki/tls/private/localhost.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Sichuan
Locality Name (eg, city) [Default City]:Chengdu
Organization Name (eg, company) [Default Company Ltd]:uplooking ltd
Organizational Unit Name (eg, section) []:class
Common Name (eg, your name or your server's hostname) []:*.up04.com
Email Address []:admin@up04.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@up04 certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  localhost.csr  make-dummy-cert  Makefile
[root@up04 certs]# make testcert
umask 77 ; \
    /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0
Enter pass phrase for /etc/pki/tls/private/localhost.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Sichuan
Locality Name (eg, city) [Default City]:Chengdu
Organization Name (eg, company) [Default Company Ltd]:Uplooking ltd
Organizational Unit Name (eg, section) []:class
Common Name (eg, your name or your server's hostname) []:*.up04.com
Email Address []:admin@up04.com
[root@up04 certs]# ls
ca-bundle.crt        localhost.crt  make-dummy-cert
ca-bundle.trust.crt  localhost.csr  Makefile
[root@up04 certs]# vim localhost.csr
[root@up04 certs]# vim localhost.crt
[root@up04 certs]# vim ../private/localhost.key
[root@up04 certs]# cp localhost.crt /usr/local/webserver/nginx/conf/cert.pem
[root@up04 certs]# openssl rsa < ../private/localhost.key > /usr/local/webserver/nginx/conf/cert.key
[root@up04 certs]# tail -35 /usr/local/webserver/nginx/conf/nginx.conf
? ? server {
? ? ? ? listen? ? ? 443;
? ? ? ? server_name? bbs.up04.com;
? ? ? ? ssl? ? ? ? ? ? ? ? ? on;
? ? ? ? ssl_certificate? ? ? cert.crt;
? ? ? ? ssl_certificate_key? cert.key;
? ? ? ? ssl_session_timeout? 5m;
? ? ? ? ssl_protocols? SSLv2 SSLv3 TLSv1;
? ? ? ? ssl_ciphers? HIGH:!aNULL:!MD5;
? ? ? ? ssl_prefer_server_ciphers? on;
? ? ? ? charset utf-8;
? ? ? ? root? /www/bbs;
? ? ? ? location / {
? ? ? ? ? ? index? index.php index.html index.htm;
? ? ? ? }
? ? ? ? location ~* \.php$ {
? ? ? ? ? ? include? ? ? ? fastcgi_params;
? ? ? ? ? ? fastcgi_pass? 127.0.0.1:9000;
? ? ? ? ? ? fastcgi_param? SCRIPT_FILENAME? $document_root$fastcgi_script_name;
? ? ? ? }
? ? ? ? error_page? 500 502 503 504? /50x.html;
? ? ? ? location = /50x.html {
? ? ? ? ? ? root? html;
? ? ? ? }
? ? }
}
Apache:
[root@up04 certs]# vim /usr/local/webserver/apache/
bin/    cgi-bin/ error/  icons/  lib/    man/    modules/
build/  conf/    htdocs/  include/ logs/    manual/
[root@up04 certs]# vim /usr/local/webserver/apache/conf/httpd.conf
[root@up04 certs]# vim /usr/local/webserver/apache/conf/extra/httpd-ssl.conf
[root@up04 certs]# server.crt
[root@up04 certs]# server.key
[root@up04 certs]#
[root@up04 certs]# cp /usr/local/webserver/nginx/conf/cert.crt /usr/local/webserver/apache/conf/server.crt
[root@up04 certs]# cp /usr/local/webserver/nginx/conf/cert.key /usr/local/webserver/apache/conf/server.key
[root@up04 certs]#
[root@up04 certs]# /usr/local/webserver/nginx/sbin/nginx -s stop
[root@up04 certs]# /usr/local/webserver/apache/bin/apachectl -k start
[root@up04 certs]# ps -ef | grep httpd
root      4458     1  6 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start
apache    4459  4458  0 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start
apache    4461  4458  0 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start
apache    4462  4458  0 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start
apache    4466  4458  0 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start
root      4547  3233  0 11:42 pts/2    00:00:00 grep httpd
[root@up04 certs]#
openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt