1.创建私钥(可选,用于申请证书):
openssl genrsa 2048 > private-key.pem
2.创建证书签名 (CSR,可选):
openssl req -new -key private-key.pem -out csr.pem
3.上传到服务器:
scp ./STAR_yourdomain_com/* yourdomain:/etc/pki/tls/private/
4.合并正规渠道获得的证书:
cat STAR_yourdomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt
5.配置Apache(不再累述详细配置过程):
<VirtualHost *:443>
ServerName *.yourdomain.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/private/STAR_yourdomain_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/STAR_yourdomain_com.key
SSLCertificateChainFile /etc/pki/tls/private/ssl-bundle.crt
SSLCACertificateFile /etc/pki/tls/private/AddTrustExternalCARoot.crt
</VirtualHost>