8 配置ssl访问subversion
参考了Linux SVN+Apache+SSL 安装配置和Apache SSL配置
openssl genrsa -des3 -out ca.key 1024
//按提示输入密码:****
chmod 400 ca.key
//生成证书
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
//按提示分别输入如下内容:
//Country Name: CN
//State or Province Name:
//Locality Name:
//Organization Name:
//Organizational Unit Name:
//Common Name:
//Email Address: your email
chmod 400 ca.crt
openssl genrsa -des3 -out server.key 1024
//按提示输入密码:
chmod 400 server.key
openssl req -new -key server.key -out server.csr
//按提示分别输入如下内容:
//Country Name: CN
//State or Province Name:
//Locality Name:
//Organization Name:
//Organizational Unit Name:
//Common Name:
//Email Address: your email
(ca.crt 和server.csr 的Common Name不能一样)
openssl req -noout -text -in server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
chmod 400 server.crt
vim /usr/local/apache2/conf/httpd.conf
取消Include conf/extra/httpd-ssl.conf前的注释#
打开httpd-ssl.conf文件查看如下两行,确保前面生成的证书放置在该路径下
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
重启httpd服务
查看https://localhost/svn/ 浏览器显示此网站的安全证书有问题,忽略它,输入用户名和密码,至此基于SSL的Subversion配置完成。
9 总结
配置过程中应该了解Ubuntu和其他linux发行版安装软件的不同,掌握make和make install。如碰到apache2不能启动,阅读错误提示以及查看日志(/usr/local/apache2/logs/error.log).