After configuring /etc/httpd/conf.d/ssl.conf, testing the configuration file syntax reports the following error:

    httpd -t
    Syntax error on line 5 of /etc/httpd/conf.d/ssl.conf:
    Invalid command 'SSLPassPhraseDialog', perhaps misspelled or defined by a module not included in the server configuration

After removing the ssl.conf file the syntax check passes. Listing the modules httpd has loaded:

    httpd -M
    Loaded Modules:
     core_module (static)
     mpm_prefork_module (static)
     http_module (static)
     so_module (static)
     auth_basic_module (shared)
     auth_digest_module (shared)
     authn_file_module (shared)
     authn_alias_module (shared)
     authn_anon_module (shared)
     authn_dbm_module (shared)
     authn_default_module (shared)
     authz_host_module (shared)
     authz_user_module (shared)
     authz_owner_module (shared)
     authz_groupfile_module (shared)
     authz_dbm_module (shared)
     authz_default_module (shared)
     ldap_module (shared)
     authnz_ldap_module (shared)
     include_module (shared)
     log_config_module (shared)
     logio_module (shared)
     env_module (shared)
     ext_filter_module (shared)
     mime_magic_module (shared)
     expires_module (shared)
     deflate_module (shared)
     headers_module (shared)
     usertrack_module (shared)
     setenvif_module (shared)
     mime_module (shared)
     dav_module (shared)
     status_module (shared)
     autoindex_module (shared)
     info_module (shared)
     dav_fs_module (shared)
     vhost_alias_module (shared)
     negotiation_module (shared)
     dir_module (shared)
     actions_module (shared)
     speling_module (shared)
     userdir_module (shared)
     alias_module (shared)
     rewrite_module (shared)
     proxy_module (shared)
     proxy_balancer_module (shared)
     proxy_ftp_module (shared)
     proxy_http_module (shared)
     proxy_connect_module (shared)
     cache_module (shared)
     suexec_module (shared)
     disk_cache_module (shared)
     file_cache_module (shared)
     mem_cache_module (shared)
     cgi_module (shared)
     version_module (shared)
     proxy_ajp_module (shared)
    Syntax OK

This shows that apache2 has not loaded ssl_module, and the /etc/httpd/modules directory contains no mod_ssl.so file, so the module has to be installed online:

    yum search mod_ssl
    mod_ssl.x86_64 : SSL/TLS module for the Apache HTTP server

    yum install mod_ssl
    Installed: mod_ssl.x86_64 1:2.2.3-43.el5.centos
    Dependency Installed: distcache.x86_64 0:1.4.5-14.1
    Updated: httpd.x86_64 0:2.2.3-43.el5.centos
    Complete!

Installing mod_ssl adds a user type, so the /etc/passwd file is modified.
After the installation completes, edit ssl.conf and add the LoadModule line at the top of the file to load ssl_module (the first directive below):

    # Load mod_ssl first so that the SSL* directives below are recognized
    LoadModule ssl_module modules/mod_ssl.so
    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
    SSLSessionCacheTimeout 300
    SSLMutex default
    <VirtualHost _default_:443>
        DocumentRoot "/path/to/wwwroot"
        ServerName www.test.com:443
        ServerAdmin test@gmail.com
        SSLEngine on
        # This cipher string starts from ALL and removes only ADH, EXPORT and
        # SSLv2 ciphers, so LOW, MEDIUM and RC4 ciphers remain enabled
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
        SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
        SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/cacertificate.crt
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/usr/local/apache2/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    </VirtualHost>

Test the httpd configuration file again:

    httpd -t
    Syntax OK
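
The diagnosis above (an "Invalid command" error caused by a directive whose module is not loaded) can be checked before running `httpd -t`. The script below is an added example, not part of the original post: the function name `missing_modules`, its small prefix-to-module table and the sample files are constructed for illustration, and it generalizes the check from mod_ssl to two other modules.

```shell
#!/bin/sh
# Added example, not from the original post. missing_modules and the sample
# files are constructed for illustration.

# missing_modules MODLIST CONF
#   MODLIST: saved output of `httpd -M`; CONF: an Apache config file.
#   Prints "LINE DIRECTIVE MODULE" for every directive whose providing module
#   is neither in MODLIST nor loaded by an earlier LoadModule line in CONF.
missing_modules() {
    [ -s "$1" ] || { echo "empty module list: $1" >&2; return 2; }
    awk '
        BEGIN {
            # directive-name prefix -> providing module (small subset)
            need["ssl"] = "ssl_module"
            need["rewrite"] = "rewrite_module"
            need["expires"] = "expires_module"
        }
        FNR == NR { if ($1 ~ /_module$/) loaded[$1] = 1; next }  # httpd -M
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        tolower($1) == "loadmodule" { loaded[$2] = 1; next }
        {
            d = tolower($1)
            for (p in need)
                if (index(d, p) == 1 && !(need[p] in loaded))
                    print FNR, $1, need[p]
        }
    ' "$1" "$2"
}

# Constructed sample input modelled on the post: ssl_module is not listed.
demo_dir=$(mktemp -d)
printf '%s\n' 'Loaded Modules:' ' core_module (static)' \
    ' rewrite_module (shared)' 'Syntax OK' > "$demo_dir/modules.txt"
cat > "$demo_dir/ssl.conf" <<'EOF'
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# pass phrase dialog
SSLPassPhraseDialog builtin
RewriteEngine on
EOF
{ echo 'LoadModule ssl_module modules/mod_ssl.so'; cat "$demo_dir/ssl.conf"; } \
    > "$demo_dir/ssl-fixed.conf"

missing_modules "$demo_dir/modules.txt" "$demo_dir/ssl.conf"
missing_modules "$demo_dir/modules.txt" "$demo_dir/ssl-fixed.conf"
```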