StartSSL免费SSL证书操作步骤
一、让你的php程序支持ssl链接(https)
SSL(Secure Sockets Layer 安全套接层),及其继任者传输层安全(Transport Layer Security,TLS)是为网
络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。
在php里面支持https,需打开php.ini配置文件中的openssl组件打开,把;extension=php_openssl.dll前面的分
号去掉即可
extension=php_openssl.dll
二、如果网页使用https访问,在网页开头加入以下代码:
<?php
//http转化为https
if ($_SERVER["HTTPS"] && $_SERVER["HTTPS"]=="on")
{
$xredir="https://".$_SERVER["SERVER_NAME"].
$_SERVER["REQUEST_URI"];
header("Location: ".$xredir);
}
?>
三、全球可信并且唯一免费的HTTPS(SSL)证书颁发机构:StartSSL
http://blog.s135.com/startssl/说明
http://www.startssl.com证书下载
先注册,等审核,再认证
四、Apache Web Server配置
https://www.startssl.com/?app=21
add at least the following lines to your httpd.conf or ssl.conf file:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost _default_:443>
DocumentRoot /home/httpd/private
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /home/chenxb/ssl.crt
SSLCertificateKeyFile /home/chenxb/ssl.key
SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.pem
CustomLog /usr/local/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot /home/httpd/private
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /home/chenxb/ssl.crt
SSLCertificateKeyFile /home/chenxb/ssl.key
SSLCertificateChainFile /home/chenxb/sub.class1.server.ca.pem
SSLCACertificateFile /home/chenxb/ca.pem
CustomLog /usr/local/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
注:如果提示443被占用或LoadModule ssl_module error,请查看conf.d/ssl.conf中是否已经设置了443端口
;如果有,直接把下面四行加进去或修改下:
SSLCertificateFile /home/chenxb/证书名称.crt
SSLCertificateKeyFile /home/chenxb/私钥名称.key
SSLCertificateChainFile /home/chenxb/sub.class1.server.ca.pem
SSLCACertificateFile /home/chenxb/ca.pem
五、http://www.freehao123.com/startssl-ssl/
生成私钥,为私钥提供一个密码,最少10位,最大32位。
私钥key:xxxkey
把下面内容保存为:私钥名称.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,434D7004E56BE71FB0F627C1B0A31D1F
h8fhwq3QzAe9s9AlTbs7riZGeZJOL4kEUFVlAm4txAkbPSxMBIpfhhEPNaQnp8KZ
fnrYTMDysO2ibPyGlzpklKRd9kfx1BDLZWqKcT2BTuejR07t5l+Q6QIYN0qAgbDO
3R51eY9zvF1uRTIwmtYOzNa5Flm2pVH9p9Tf1fC767vCHIDgee6Cqwt4Qyp9Kg9V
OaVYK+is5T6Qt9PP620bGaKzpkYlf1dS/aQsiNEq+/p6dfi06eVPvPD1eNx+J1On
/bfnFw7jHMtX8FqO+k91FvN1cEbfMvLxYMDVLwIbzmVakuP6Z65aU/X17bcetcvN
Hzl0JZbNfKPjc3dY/qLfG/yCj4nZCBcTklV5vevhgIZUWjcPwAJKWV3cRsioTLSM
eLBjBJrWPjZPP816kX50L8r4kpqA898SJHySZkHmItdKJ5IWPNEpQSR9+Xj4QO51
4PnUrpnnkoc8zkAKsZjKYLqubbUhAIJ9gCsRQBMMfUKXqEHQQAnuSRLw+Y8ZbefF
JbnMKYruXSVgiv/H62V4x4lxqslzaJJbDZYx0VoP09jQ9Ib2D/234BvcpB0AFR/K
pNdAstJgrf67hZfsMDkILMlvNnT7jDAsfKcoLHuSxHDth3zFdFQGVk7h7IV//6dC
bxMk7Say/gQm3WX3aYsfTbBS/fqz4HEkN0xD65mAmaXCbTmdmpIb7RxyJxJGjBMx
bskScHIyEKTJ3XdyemrthOjzDhrwI9yyjKMci4R0DURyrh5iiw4NC6qVJh92WgZn
bdsEhUmqd+D4WNyn8NNsy2A7xowpnHOKmmBinbzjmT1SvyGDIUmbJHF2m4kf04QZ
soqgIvT3gwJgHh9NPbrk4u9ZVmWjqUw0dZ2lkKKsz9ULfq3udgK6fJ5xagt1oSnp
-----END RSA PRIVATE KEY-----
把下面内容保存为:证书名称.crt
-----BEGIN CERTIFICATE-----
MIIGUzCCBTugAwIBAgIDDqwLMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ
TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0
MSBQcmltYXJ5IEludGVybWVkaWF0ZSBTZXJ2ZXIgQ0EwHhcNMTQwMjIwMjA1MzI4
WhcNMTUwMjIxMTMwNTU1WjBkMRkwFwYDVQQNExB5ZWtKbEdoNGF6NTVyTnUyMQsw
CQYDVQQGEwJDTjEZMBcGA1UEAxMQd3d3LnRvdWNob21lLm5ldDEfMB0GCSqGSIb3
DQEJARYQdHdzQHRvdWNob21lLm5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAL5rJaP1WP6u3NBy4vCe9sgxj7QRvdOPzQKyt5yQ1AmGg/j6raGtUJ3+
ooLQ0PeqbnM5kci17cEviIl+bdTUnwxouuMzwjplXziISV+n+CZ2tLnq9msADmGx
PbSIptJLmuEK99SE99eCZSq1uPs1YcxPAzLm4OP74xkVlU6X0lM+zOdPTT+Xd+b2
wX9pAT4FwfTP996HNZ2JcsdBesTWLd+Y6d9Y/s3FynIY45eX3t31D9ORHIsFSu8t
BIigoEqirdzywolndKxyBRgyliMvEBYFsv6fo8O17PwIQnXNyzSFB1AnxdUcl1cm
2ZIWMvjmUYSPYzWtgk++byoeopMNqQECAwEAAaOCAuMwggLfMAkGA1UdEwQCMAAw
CwYDVR0PBAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMB0GA1UdDgQWBBRyD27+
RST1t2yuWCb2kjuOAwCUFTAfBgNVHSMEGDAWgBTrQjTQmLCrn/Qbawj3
b20vMA0GCSqGSIb3DQEBBQUAA4IBAQCHVFNPjFeWcA09rdd/86E4o//6FAG5GEZw
FoBy5VdBWXI4USnYxd83OaacWxu0z+gdxOSd6ngzviS7eTGi3UbqL/mfWlkxnG25
VkCnr4/y9pFT1lUVMsKVQBS9bAzYu3m74GJRmDq7WRCOaEsYiel+DbNe7DvpdW66
gnJ9zmsPcBBVu54KdcTau72DyDs2ONsebZo4GXGhWjJdX5dTili1q9mdFPBjJyjm
WRz3iwNIOTpxaNhinhen5BwuvAn9OLaLJrpD9k7iOcQe/dXS0zrszPbucI0VzzF2
g7SzWBDda4tXc0BA0/p7J1WR2jvPdwj3wdee2RKqZcg+1nfypc1+
-----END CERTIFICATE-----
第六:登录后,The Toolbox >> StartCom CA Certificates
另存下载:sub.class1.server.ca.pem和ca.pem
以上为个人操作记录,详细请参考:http://www.freehao123.com/startssl-ssl/