- 创建私钥(可选,用于申请证书):
openssl genrsa 2048 > private-key.pem
- 创建证书签名 (CSR,可选):
openssl req -new -key private-key.pem -out csr.pem
- 上传到服务器:
scp ./STAR_yourdomain_com/* yourdomain:/etc/pki/tls/private/
- 合并正规渠道获得的证书:
cat STAR_yourdomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
- 配置Apache(不再累述详细配置过程):
<VirtualHost *:443>
ServerName *.yourdomain.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/private/STAR_yourdomain_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/STAR_yourdomain_com.key
SSLCertificateChainFile /etc/pki/tls/private/ssl-bundle.crt
SSLCACertificateFile /etc/pki/tls/private/AddTrustExternalCARoot.crt
</VirtualHost>