diff --git a/sources/tech/20150108 How to Install SSL on Apache 2.4 in Ubuntu 14.0.4.md b/sources/tech/20150108 How to Install SSL on Apache 2.4 in Ubuntu 14.0.4.md deleted file mode 100644 index 67bd7586c4..0000000000 --- a/sources/tech/20150108 How to Install SSL on Apache 2.4 in Ubuntu 14.0.4.md +++ /dev/null @@ -1,73 +0,0 @@ -Translating----geekpi - -How to Install SSL on Apache 2.4 in Ubuntu 14.0.4 -================================================================================ -Today I will show you how to install a **SSL certificate** on your personal website or blog, to help secure the communications between your visitors and your website. - -Secure Sockets Layer or SSL, is the standard security technology for creating an encrypted connection between a web server and a web browser. This ensures that all data passed between the web server and the web browser remain private and secure. It is used by millions of websites in the protection of their online communications with their customers. In order to be able to generate an SSL link, a web server requires a SSL Certificate. - -You can create your own SSL Certificate, but it will not be trusted by default in web browsers, to fix this you will have to buy a digital certificate from a trusted Certification Authority (CA), we will show you below how to get the certificate and install it in apache. - -### Generating a Certificate Signing Request ### - -The Certification Authority (CA) will ask you for a Certificate Signing Request (CSR) generated on your web server. This is a simple step and only takes a minute, you will have to run the following command and input the requested information: - - # openssl req -new -newkey rsa:2048 -nodes -keyout yourdomainname.key -out yourdomainname.csr - -The output should look something like this: - -![generate csr](http://blog.linoxide.com/wp-content/uploads/2015/01/generate-csr.jpg) - -This begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl. - -Depending on the authority you apply to, you will either have to upload your csr file or paste it's content in a web form. - -### Installing the actual certificate in Apache ### - -After the generation process is finished you will receive your new digital certificate, for this article we have used [Comodo SSL][1] and received the certificate in a zip file. To use it in apache you will first have to create a bundle of the certificates you received in the zip file with the following command: - - # cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.crt - -![bundle](http://blog.linoxide.com/wp-content/uploads/2015/01/bundle.jpg) - -Now make sure that the ssl module is loaded in apache by running the following command: - - # a2enmod ssl - -If you get the message "Module ssl already enabled" you are ok, if you get the message "Enabling module ssl." you will also have to run the following command to restart apache: - - # service apache2 restart - -Finally modify your virtual host file (generally found in /etc/apache2/sites-enabled) to look something like this: - - DocumentRoot /var/www/html/ - ServerName linoxide.com - SSLEngine on - SSLCertificateFile /usr/local/ssl/crt/yourdomainname.crt - SSLCertificateKeyFile /usr/local/ssl/yourdomainname.key - SSLCACertificateFile /usr/local/ssl/bundle.crt - -You should now access your website using https://YOURDOMAIN/ (be careful to use 'https' not http) and see the SSL in progress (generally indicated by a lock in your web browser). - -**NOTE:** All the links must now point to https, if some of the content on the website (like images or css files) still point to http links you will get a warning in the browser, to fix this you have to make sure that every link points to https. - -### Redirect HTTP requests to HTTPS version of your website ### - -If you wish to redirect the normal HTTP requests to HTTPS version of your website, add the following text to either the virtual host you wish to apply it to or to the apache.conf if you wish to apply it for all websites hosted on the server: - - RewriteEngine On - RewriteCond %{HTTPS} off - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} - --------------------------------------------------------------------------------- - -via: http://linoxide.com/ubuntu-how-to/install-ssl-apache-2-4-in-ubuntu/ - -作者:[Adrian Dinu][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 - -[a]:http://linoxide.com/author/adriand/ -[1]:https://ssl.comodo.com/ \ No newline at end of file diff --git a/translated/tech/20150108 How to Install SSL on Apache 2.4 in Ubuntu 14.0.4.md b/translated/tech/20150108 How to Install SSL on Apache 2.4 in Ubuntu 14.0.4.md new file mode 100644 index 0000000000..6f5a53fdee --- /dev/null +++ b/translated/tech/20150108 How to Install SSL on Apache 2.4 in Ubuntu 14.0.4.md @@ -0,0 +1,73 @@ +如何在Ubuntu 14.04 上为Apache 2.4 安装SSL +================================================================================ +今天我会站如如何为你的个人网站或者博客安装**SSL 证书**,来保护你的访问者和网站之间通信的安全。 + +安全套接字层或称SSL,是一种加密网站和浏览器之间连接的标准安全技术。这确保服务器和浏览器之间传输的数据保持隐私和安全。这被成千上万的人使用来保护他们与客户的通信。要启用SSL链接,web服务器需要安装SSL证书。 + +你可以创建你自己的SSL证书,但是这默认不会被浏览器信任,要修复这个问题,你需要从受信任的证书机构(CA)处购买证书,我们会向你展示如何 +或者证书并在apache中安装。 + +### 生成一个证书签名请求 ### + +证书机构(CA)会要求你在你的服务器上生成一个证书签名请求(CSR)。这是一个很简单的过程,只需要一会就行,你需要运行下面的命令并输入需要的信息: + + # openssl req -new -newkey rsa:2048 -nodes -keyout yourdomainname.key -out yourdomainname.csr + +输出看上去会像这样: + +![generate csr](http://blog.linoxide.com/wp-content/uploads/2015/01/generate-csr.jpg) + +这一步会生成两个文件按:一个用于解密SSL证书的私钥文件,一个证书签名请求(CSR)文件(用于申请你的SSL证书)。 + +根据你申请的机构,你会需要上传csr文件或者在网站表格中粘帖他的内容。 + +### 在Apache中安装实际的证书 ### + +生成步骤完成之后,你会收到新的数字证书,本篇教程中我们使用[Comodo SSL][1]并在一个zip文件中收到了证书。要在apache中使用它,你首先需要用下面的命令为收到的证书创建一个组合的证书: + + # cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.crt + +![bundle](http://blog.linoxide.com/wp-content/uploads/2015/01/bundle.jpg) + +用下面的命令确保ssl模块已经加载进apache了: + + # a2enmod ssl + +如果你看到了“Module ssl already enabled”这样的信息就说明你成功了,如果你看到了“Enabling module ssl”,那么你还需要用下面的命令重启apache: + + # service apache2 restart + +最后像下面这样修改你的虚拟主机文件(通常在/etc/apache2/sites-enabled 下): + + DocumentRoot /var/www/html/ + ServerName linoxide.com + SSLEngine on + SSLCertificateFile /usr/local/ssl/crt/yourdomainname.crt + SSLCertificateKeyFile /usr/local/ssl/yourdomainname.key + SSLCACertificateFile /usr/local/ssl/bundle.crt + +你现在应该可以用https://YOURDOMAIN/(注意使用‘https’而不是‘http’)来访问你的网站了,并可以看到SSL的进度条了(通常在你浏览器中用一把锁来表示)。 + +**NOTE:** All the links must now point to https, if some of the content on the website (like images or css files) still point to http links you will get a warning in the browser, to fix this you have to make sure that every link points to https. +**注意:** 现在所有的链接都必须指向https,如果网站上的一些内容(像图片或者css文件等)仍旧指向http链接的话,你会在浏览器中得到一个警告,要修复这个问题,请确保每个链接都指向了https。 + +### 在你的网站上重定向HTTP请求到HTTPS中 ### + +如果你希望重定向常规的HTTP请求到HTTPS,添加下面的文本到你希望的虚拟主机或者如果希望给服务器上所有网站都添加的话就加入到apache.conf中: + + RewriteEngine On + RewriteCond %{HTTPS} off + RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/ubuntu-how-to/install-ssl-apache-2-4-in-ubuntu/ + +作者:[Adrian Dinu][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/adriand/ +[1]:https://ssl.comodo.com/ \ No newline at end of file