[root@up04 conf]# cd /etc/pki/tls/certs/

[root@up04 certs]# rm localhost.c* -rf

[root@up04 certs]# rm ../private/localhost.key

rm: remove regular file `../private/localhost.key'? y

[root@up04 certs]#

[root@up04 certs]# make genkey

umask 77 ; \

    /usr/bin/openssl genrsa -aes128 2048 > /etc/pki/tls/private/localhost.key

Generating RSA private key, 2048 bit long modulus

.............+++

...........+++

e is 65537 (0x10001)

Enter pass phrase:

Verifying - Enter pass phrase:

[root@up04 certs]#

[root@up04 certs]# make certreq

umask 77 ; \

    /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -out /etc/pki/tls/certs/localhost.csr

Enter pass phrase for /etc/pki/tls/private/localhost.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Sichuan

Locality Name (eg, city) [Default City]:Chengdu

Organization Name (eg, company) [Default Company Ltd]:uplooking ltd

Organizational Unit Name (eg, section) []:class

Common Name (eg, your name or your server's hostname) []:*.up04.com

Email Address []:admin@up04.com

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

[root@up04 certs]# ls

ca-bundle.crt  ca-bundle.trust.crt  localhost.csr  make-dummy-cert  Makefile

[root@up04 certs]# make testcert

umask 77 ; \

    /usr/bin/openssl req -utf8 -new -key /etc/pki/tls/private/localhost.key -x509 -days 365 -out /etc/pki/tls/certs/localhost.crt -set_serial 0

Enter pass phrase for /etc/pki/tls/private/localhost.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:CN

State or Province Name (full name) []:Sichuan

Locality Name (eg, city) [Default City]:Chengdu

Organization Name (eg, company) [Default Company Ltd]:Uplooking ltd

Organizational Unit Name (eg, section) []:class

Common Name (eg, your name or your server's hostname) []:*.up04.com

Email Address []:admin@up04.com

[root@up04 certs]# ls

ca-bundle.crt        localhost.crt  make-dummy-cert

ca-bundle.trust.crt  localhost.csr  Makefile

[root@up04 certs]# vim localhost.csr

[root@up04 certs]# vim localhost.crt

[root@up04 certs]# vim ../private/localhost.key

[root@up04 certs]# cp localhost.crt /usr/local/webserver/nginx/conf/cert.pem

[root@up04 certs]# openssl rsa < ../private/localhost.key > /usr/local/webserver/nginx/conf/cert.key

[root@up04 certs]# tail -35 /usr/local/webserver/nginx/conf/nginx.conf

    server {

        listen      443;

        server_name  bbs.up04.com;

        ssl                  on;

        ssl_certificate      cert.crt;

        ssl_certificate_key  cert.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv2 SSLv3 TLSv1;

        ssl_ciphers  HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers  on;

        charset utf-8;

        root  /www/bbs;

        location / {

            index  index.php index.html index.htm;

        }

        location ~* \.php$ {

            include        fastcgi_params;

            fastcgi_pass  127.0.0.1:9000;

            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

        }

        error_page  500 502 503 504  /50x.html;

        location = /50x.html {

            root  html;

        }

    }

}

Apache:

[root@up04 certs]# vim /usr/local/webserver/apache/

bin/    cgi-bin/ error/  icons/  lib/    man/    modules/

build/  conf/    htdocs/  include/ logs/    manual/ 

[root@up04 certs]# vim /usr/local/webserver/apache/conf/httpd.conf

[root@up04 certs]# vim /usr/local/webserver/apache/conf/extra/httpd-ssl.conf

[root@up04 certs]# server.crt

[root@up04 certs]# server.key

[root@up04 certs]#

[root@up04 certs]# cp /usr/local/webserver/nginx/conf/cert.crt /usr/local/webserver/apache/conf/server.crt

[root@up04 certs]# cp /usr/local/webserver/nginx/conf/cert.key /usr/local/webserver/apache/conf/server.key

[root@up04 certs]#

[root@up04 certs]# /usr/local/webserver/nginx/sbin/nginx -s stop

[root@up04 certs]# /usr/local/webserver/apache/bin/apachectl -k start

[root@up04 certs]# ps -ef | grep httpd

root      4458    1  6 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start

apache    4459  4458  0 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start

apache    4461  4458  0 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start

apache    4462  4458  0 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start

apache    4466  4458  0 11:42 ?        00:00:00 /usr/local/webserver/apache/bin/httpd -k start

root      4547  3233  0 11:42 pts/2    00:00:00 grep httpd

[root@up04 certs]#

openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt