How to Generate an SSL Certificate and Set Up an API

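I wanted to use Twitter on my phone and figured I would set up an API proxy, only to be told that these days any API proxy without SSL encryption dies as soon as it is set up, so I had no choice but to apply for an SSL certificate. Here is a brief record of the setup process…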

1. Generate an RSA key
openssl genrsa -des3 -out username.pem 2048
Command to remove the passphrase from the key file:
openssl rsa -in username.pem -out username.pem

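2. Generate a certificate signing request (CSR)
openssl req -new -key username.pem -out username.csr
You can take this file to a CA to apply for a digital certificate. The CA will give you a new file, CA.pem.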

3. Apply to a CA for a digital certificate
For the detailed process, see: http://www.kins.ws/blog/startssl-certificate-apply.html

4. Once the certificate has been issued, start the configuration
For reference:
<VirtualHost _default_:443>
DocumentRoot /home/httpd/private
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateFile /usr/local/apache/conf/ssl.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key
SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.pem
SSLCACertificateFile /usr/local/apache/conf/ca.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /usr/local/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
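
The reference configuration above still accepts SSLv3, TLS 1.0/1.1, RC4 and MEDIUM-strength ciphers. The following hardened variant is an added example, not part of the original post; it keeps the post's file paths and assumes Apache 2.4 with mod_ssl (and mod_headers for the HSTS header).

```apache
# Added example (not from the original post): hardened variant of the
# VirtualHost above. Assumes Apache 2.4 with mod_ssl; paths are the post's own.
<VirtualHost _default_:443>
    DocumentRoot /home/httpd/private
    ErrorLog /usr/local/apache/logs/error_log
    TransferLog /usr/local/apache/logs/access_log
    SSLEngine on

    # Original: "SSLProtocol all -SSLv2", which leaves SSLv3, TLS 1.0 and
    # TLS 1.1 enabled. Only TLS 1.2 and newer remain after this line.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Original string explicitly added RC4+RSA and +MEDIUM. Restrict to
    # forward-secret AEAD suites and exclude anonymous/null/legacy ciphers.
    SSLCipherSuite ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES
    # Prefer the server's cipher order over the client's.
    SSLHonorCipherOrder on
    # TLS-level compression enables CRIME-style attacks; keep it off.
    SSLCompression off

    SSLCertificateFile /usr/local/apache/conf/ssl.crt
    # The key from step 1 has no passphrase, so this file must be readable
    # only by the account that starts Apache (for example mode 0600, owner root).
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key
    SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.pem
    SSLCACertificateFile /usr/local/apache/conf/ca.pem

    # Tell browsers to use HTTPS only for this host (needs mod_headers).
    <IfModule mod_headers.c>
        Header always set Strict-Transport-Security "max-age=31536000"
    </IfModule>

    # The MSIE nokeepalive workaround from the original is omitted here;
    # it targeted legacy Internet Explorer clients.

    # Logging the negotiated protocol and cipher makes it easy to confirm
    # that no client is still connecting with a weak suite.
    CustomLog /usr/local/apache/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
```

Run `apachectl configtest` after editing to confirm the directives parse before reloading the server.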

5. Upload the certificate files

6. Configure twip, and you're done.
