如何从 Godaddy 证书导出私钥并与 Apache SSL 一起使用
我购买了 Godaddy 证书,并将其正确安装在我的 Mac 服务器上,所以现在我在钥匙串应用程序中看到 2 个条目:
- GoDaddy 安全证书颁发机构
- mydomain
- mydomain(私钥)
然后我将证书(mydomain.com)添加到httpd.conf文件的VirtualHost中,所以:
<VirtualHost *:443>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
ServerName mydomain.com
ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
CustomLog "/private/var/log/apache2/mydomain.com-access_log" common
SSLCertificateFile /etc/apache2/mydomain.cer
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
那么,我猜,我还需要私钥文件,否则Apache无法处理证书。 如何做到这一点?我可以将 Apple Keychain 中的证书保存到 .pem 和 .cer 文件中。
I purchased a Godaddy Certificate, I correctly installed it on my Mac Server, so now I see 2 entry within Keychain Application:
- Go Daddy Secure Certification Authority
- mydomain
- mydomain (private key)
Then I added the certificate (mydomain.com) to a VirtualHost of httpd.conf file, so:
<VirtualHost *:443>
DocumentRoot "/Library/ApacheTomcat/apache-tomcat-6.0.33/webapps/MyServerAppName"
ServerName mydomain.com
ErrorLog "/private/var/log/apache2/mydomain.com-error_log"
CustomLog "/private/var/log/apache2/mydomain.com-access_log" common
SSLCertificateFile /etc/apache2/mydomain.cer
JkMountCopy On
JkMount /* ajp13
</VirtualHost>
Then, I guess, I also need the private key file, otherwise Apache fails to handle the certificate.
How to do this? I can save the certificates from Apple Keychain into .pem and .cer file.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
在钥匙串中,以 PKCS#12 格式导出您的私钥和证书(.p12 文件,个人信息交换)。您应该能够通过展开您的私钥条目(在“钥匙串访问”中)、右键单击其证书并使用“导出”来完成此操作。它可能会要求您输入密码来保护此 p12 文件。
然后,在终端中,使用 OpenSSL 提取私钥:
同样,对于证书(尽管您可能已经拥有 PEM 格式的证书,因此您可能不需要此步骤):
然后,设置
SSLCertificateFile(证书)和SSLCertificateKeyFile(私钥) 选项指向 Apache 中的这些文件httpd 配置。In the Keychain, export your private key and certificate in PKCS#12 format (.p12 file, Personal Information Exchange). You should be able to do this using by expanding your private key entry (in Keychain Access), right-clicking on its certificate and using Export. It will probably ask you for a password to protect this p12 file.
Then, in the Terminal, extract the private key using OpenSSL:
Similarly, for the certificate (although it seems you may already have it in PEM format, so you might not need this step):
Then, set the
SSLCertificateFile(cert) andSSLCertificateKeyFile(private key) options to point to these files in your Apache Httpd configuration.我遇到了同样的问题,我使用这些命令导出私钥
并使用这些命令导出证书
I had the same problem and I used these commands to export the private key
and these to export the certificate