（1）先按装mod_ssl

yum install mod_ssl
完毕后在
/etc/httpd/conf.d/下会有一个ssl.conf的文件,打开
主要是看下证书及密钥的位置
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

（2）生成密钥,

进入/etc/pki/tls/private，
删除原来的localhost.key
rm -f localhost.key
生成新的localhost.key:
openssl genrsa 1024 > localhost.key
返回到certs目录
cd ../certs
删除原来的证书
rm -rf localhost.crt
生成新的
openssl req -new -x509 -days 365 -key ../private/localhost.key -out localhost.crt
填写需要填写的信息，证书就生成了

这里为什么要用localhost.crt这样的名子，是因为在ssl.conf就是这样子指定的，这两个地方要一样。

重启apache，配置结束
现在就可以通过https访问网站

可能需要开发端口443号：iptables -I INPUT -p TCP –dport 443 -j ACCEPT

Apache下设置自动将http跳转到https方法
启用了https的ssl证书，现在需要将原先的http直接跳转到https上，下面我给出我经常使用的方法，利用伪静态功能

首先在网站根目录下创建.htaccess文件，如果目录下已经有.htaccess文件，则用vi或者其他编辑器打开，在最下面添加写入如下语句即可

RewriteEngine on  
RewriteBase /  
RewriteCond %{SERVER_PORT} !^443$  
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

apache的虚拟主机配置

1、在httpd.conf中打开vhosts和ssl的配置文件

# vi /usr/local/apache/conf/httpd.conf
打开vhosts配置
跳转到447行和459行
取消掉Include conf/extra/httpd-vhosts.conf和Include conf/extra/httpd-ssl.conf之前的注释

2、配置vhosts

# vi /usr/local/apache/conf/extra/httpd-vhosts.conf
特别需要注意443段的配置，可在httpd-ssl.conf中找到相关说明

NameVirtualHost *:80  
NameVirtualHost *:443  
  
DocumentRoot "/data/www/"  
ServerName 192.168.1.201  
  
Order allow,deny  
Allow from all  
Options -Indexes FollowSymLinks  
AllowOverride All  
  
  
   
  
DocumentRoot "/data/www/"  
ServerName 192.168.1.201:443  
SSLEngine on  
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL  
SSLCertificateFile "/usr/local/apache/conf/ssl.key/server.cert"  
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/server.key"  
  
SSLOptions +StdEnvVars  
  
  
Order allow,deny  
Allow from all  
Options -Indexes FollowSymLinks  
AllowOverride All  
  
BrowserMatch ".*MSIE.*" \  
nokeepalive ssl-unclean-shutdown \  
downgrade-1.0 force-response-1.0

3、修改httpd-ssl.conf的相关配置

# vi /usr/local/apache/conf/extra/httpd-ssl.conf
搜索SSLCertificateFile
并将：（99行）SSLCertificateFile “/usr/local/apache/conf/server.crt”
改为：SSLCertificateFile “/usr/local/apache/conf/ssl.key/server.cert”
注：本章生成的非crt，请注意修改随后的cert

搜索SSLCertificateKeyFile
并将：（107行）SSLCertificateKeyFile “/usr/local/apache/conf/server.key”
改为：SSLCertificateKeyFile “/usr/local/apache/conf/ssl.key/server.key”

4、重启apache

# service httpd start  
Apache/2.2.21 mod_ssl/2.2.21 (Pass Phrase Dialog)  
Some of your private key files are encrypted for security reasons.  
In order to read them you have to provide the pass phrases.  
   
Server www.example.com:443 (RSA)  
Enter pass phrase:  
   
OK: Pass Phrase Dialog successful. 

注：如果出现[warn] default VirtualHost overlap on port 443, the first has precedence
解决方法：在httpd.conf里面加上下面这句句即可

NameVirtualHost 202.54.1.1:443