PositiveSSL Deployment Notes [Apache]



  • Generate the CSR and key used to request the certificate
[skidu@localhost ~]# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Generating a 2048 bit RSA private key
writing new private key to 'server.key'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:CN                       # CN
State or Province Name (full name) []:Beijing              # region
Locality Name (eg, city) [Default City]:Beijing            # region
Organization Name (eg, company) [Default Company Ltd]:     # company or organization name, etc.
Organizational Unit Name (eg, section) []:                 # department name; can be the same as the previous item
Common Name (eg, your name or your server's hostname) []:  # the domain the certificate is for, e.g. www.skidu.me
                                                           # for a Wildcard Certificate a wildcard can be used, e.g. *.skidu.me
Email Address []:                                          # administrator email, usually in the form postmaster@domain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:                        # management password; set one if needed or leave blank
An optional company name []:                    # 
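  • After you submit the contents of server.csr on the Namecheap page, you will receive a confirmation email from comodo.com; take the validation code provided in that email to the indicated location to complete validation.
  • You will then receive an email with attachments; the attachment list looks roughly like this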
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODORSAAddTrustCA.crt
Intermediate CA Certificate - COMODORSADomainValidationSecureServerCA.crt
Your PositiveSSL Wildcard Certificate - www_skidu_me.crt
  • This completes the application steps


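  • Upload the email attachments to any location on the server (assume /path/to/ssl)
  • Extract the CA certificates (they used to provide a certificate called PositiveCA directly, but apparently no longer do)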
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ca.crt
  • Edit httpd.conf and enable the following modules
  • Have Apache listen on port 443
Listen 443
  • Configure the virtual host
<VirtualHost *:443>
    ServerName www.skidu.me
    DocumentRoot /data/skidume
    DirectoryIndex index.php index.html
    SSLEngine on
    SSLCertificateFile    "/path/to/ssl/www_skidu_me.crt"
    SSLCertificateKeyFile "/path/to/ssl/server.key"
    # Deprecated since Apache 2.4.8, where the intermediates can instead be
    # appended to the file named by SSLCertificateFile
    SSLCertificateChainFile "/path/to/ssl/ca.crt"

    BrowserMatch MSIE \
        nokeepalive \
        ssl-unclean-shutdown \
        downgrade-1.0

    <Directory /data/skidume>
        Options FollowSymLinks
        AllowOverride All
        # Order/Allow are Apache 2.2 syntax (mod_access_compat on 2.4);
        # Require is the 2.4 form
        Order deny,allow
        Allow from all
        Require all granted
        php_admin_value open_basedir /data/skidume:/data/tmp
    </Directory>
</VirtualHost>
  • Restart Apache, and you're done
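
The steps above leave four things that must agree: the CSR, server.key, the issued certificate, and the CA chain. An added example (not part of the original post; the function names are this example's own) that checks them with openssl before Apache is restarted:

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are this example's own.
# With the page's files:
#   preflight server.csr server.key www_skidu_me.crt ca.crt AddTrustExternalCARoot.crt

# Print the PEM public key carried by a certificate, a CSR, or a private key.
pubkey_of() {            # usage: pubkey_of cert|csr|key FILE
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# True only if both files parse and carry the same public key.
same_pubkey() {          # usage: same_pubkey KIND_A FILE_A KIND_B FILE_B
    local a b
    a=$(pubkey_of "$1" "$2") && b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# ROOT is the trust anchor; INTERMEDIATES are only used to build the path.
chain_verifies() {       # usage: chain_verifies ROOT INTERMEDIATES LEAF
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# The key was written with -nodes (unencrypted), so file permissions are what protect it.
key_is_private() {       # usage: key_is_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

preflight() {            # usage: preflight CSR KEY LEAF INTERMEDIATES ROOT
    local rc=0
    same_pubkey csr  "$1" key "$2" || { echo "FAIL: CSR was not generated from this key"; rc=1; }
    same_pubkey cert "$3" key "$2" || { echo "FAIL: certificate does not match the key"; rc=1; }
    chain_verifies "$5" "$4" "$3"  || { echo "FAIL: chain does not verify to the root"; rc=1; }
    key_is_private "$2"            || { echo "FAIL: key is accessible to group or others"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 5 ]; then preflight "$@"; fi
```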

Tags: ssl apache, positivessl, positivessl apache
