Announcement
 This blog hereby states that all of its articles are reposts, collected for reference only.

[Subversion] Installing and configuring SVN over Apache (including SSL) on Red Hat 9 (draft)
Software technology, Computers and networking

Posted by lhwork on 2006/6/23 13:15:47

Installing and configuring SVN with Apache:

1. Download the apache2 and SVN source packages.

2. Build apache2
   # ./configure --enable-dav --enable-so --enable-maintainer-mode
   # make
   # make install

3. Build SVN
   # ./configure --with-apxs=/usr/local/apache2/bin/apxs
   # make
   # make install
   When the build finishes, the following lines are added automatically to /usr/local/apache2/conf/httpd.conf:
   LoadModule dav_svn_module modules/mod_dav_svn.so
   LoadModule authz_svn_module modules/mod_authz_svn.so

4. Change the access permissions
   # chown -R nobody /home/svn/

5. Create the user luke
   # htpasswd -c /home/svn/svn-auth-file luke

6. Edit /usr/local/apache2/conf/httpd.conf and add the following lines
   <Location /svn>
   DAV svn
   # repository directory
   SVNPath /home/svn/svnroot
   AuthType Basic
   AuthName "Subversion repository"
   AuthUserFile /home/svn/svn-auth-file
   Require valid-user
   </Location>

7. Start httpd
   # /usr/local/apache2/bin/httpd -k start

8. From the client, open http://192.168.0.159/svn/ and enter the user name and password.

Installing and configuring SVN with Apache + SSL:

1. Download openssl and Apache2
   Note: the Apache2 version must be httpd-2.0.55; httpd-2.0.54 has a bug and does not compile with SSL.

2. Install openssl
   # cd ~/server
   # tar -zxvf openssl-0.9.7d.tar.gz
   # cd openssl-0.9.7d
   # ./config
   # make
   # make install
   Add /usr/local/ssl/bin to PATH by hand.

3. Install Apache
   # tar -zxvf httpd-2.0.55.tar.gz
   # cd httpd-2.0.55
   # ./configure --enable-so --enable-ssl --with-ssl=/usr/local/ssl --enable-rewrite --enable-dav --enable-maintainer-mode
   # make
   # make install

4. Generate the Apache startup script
   # cd /etc/rc.d/init.d
   # sed 's/sbin\/atd/local\/apache2\/bin\/httpd/g' atd > httpd
   # sed 's/atd/httpd/g' httpd > /tmp/txt
   # sed 's/at daemon/httpd daemon/g' /tmp/txt > httpd
   # rm /tmp/txt
   # chmod 755 httpd
   # chkconfig --level 345 httpd on
   # chkconfig --level 0126 httpd off
   Start and test the Apache server
   # /etc/rc.d/init.d/httpd start
   If the following appears:
   Starting httpd daemon: [ OK ]

-------------------------------------------------------------------------------------

5. Create your own CA
   # cd /usr/local/apache2/conf
   # /usr/local/ssl/misc/CA.pl -newca
   CA certificate filename (or enter to create)
   Making CA certificate ...
   Generating a 1024 bit RSA private key
   .......................................++++++
   .........................++++++
   writing new private key to './demoCA/private/cakey.pem'
   Enter PEM pass phrase:                  # enter the passphrase that protects the CA private key
   Verifying - Enter PEM pass phrase:      # enter it again
   -----
   You are about to be asked to enter information that will be incorporated
   into your certificate request.
   What you are about to enter is what is called a Distinguished Name or a DN.
   There are quite a few fields but you can leave some blank
   For some fields there will be a default value,
   If you enter '.', the field will be left blank.
   -----
   Country Name (2 letter code) [AU]:CN
   State or Province Name (full name) [Some-State]:BJ
   Locality Name (eg, city) []:Beijing
   Organization Name (eg, company) [Internet Widgits Pty Ltd]:LC
   Organizational Unit Name (eg, section) []:RD
   Common Name (eg, YOUR name) []:luke
   Email Address []:test@test.com.cn
   Please enter the following 'extra' attributes
   to be sent with your certificate request
   A challenge password []:abc123
   An optional company name []:lipman
   Using configuration from /usr/local/ssl/openssl.cnf
   Enter pass phrase for ./demoCA/private/cakey.pem:
   Check that the request matches the signature
   Signature ok
   Certificate Details:
   Serial Number: 84:4e:78:d3:5b:df:21:f2
   Validity
   Not Before: Nov 9 08:48:03 2005 GMT
   Not After : Nov 8 08:48:03 2008 GMT
   Subject:
   countryName = CN
   stateOrProvinceName = BJ
   organizationName = LC
   organizationalUnitName = RD
   commonName = luke
   emailAddress = test@test.com.cn
   X509v3 extensions:
   X509v3 Basic Constraints:
   CA:FALSE
   Netscape Comment:
   OpenSSL Generated Certificate
   X509v3 Subject Key Identifier:
   C0:B5:1D:81:0F:52:09:8B:45:93:6A:17:8C:EA:54:DB:7C:7B:8D:31
   X509v3 Authority Key Identifier:
   keyid:C0:B5:1D:81:0F:52:09:8B:45:93:6A:17:8C:EA:54:DB:7C:7B:8D:31
   Certificate is to be certified until Nov 8 08:48:03 2008 GMT (1095 days)
   Write out database with 1 new entries
   Data Base Updated

   This creates a demoCA directory under the current directory:
   ./demoCA/certs
   ./demoCA/crl                 certificate revocation lists (Certificate Revocation List)
   ./demoCA/newcerts            copies of every certificate signed by this CA
   ./demoCA/private             the CA's private area, holding material that must not leak, such as the private key
   ./demoCA/private/cakey.pem   the CA's private key
   ./demoCA/index.txt
   ./demoCA/cacert.pem          the CA's certificate
   ./demoCA/serial

-----------------------------------------------------------------------------------

6. Server-side configuration
   # cd /usr/local/apache2/conf
   # mkdir ssl

   1) Generate the server key
      # openssl genrsa -out ssl/server.key 1024
      The -des3 encryption option is left out so that no passphrase has to be entered at startup.
      To view the contents, enter:
      # openssl rsa -noout -text -in ssl/server.key

   2) Generate the server certificate signing request
      # openssl req -new -key ssl/server.key -out ssl/server.csr

   3) Sign it with the CA private key
      # openssl x509 -req -in ssl/server.csr -out ssl/servercert.pem -CA demoCA/cacert.pem -CAserial demoCA/serial -CAkey demoCA/private/cakey.pem -days 3650
      To view the contents:
      # openssl x509 -noout -text -in ssl/servercert.pem

   4) httpd.conf configuration
      <Location /svn>
      DAV svn
      #SVNPath /home/svn/svnroot
      SVNParentPath /home/svn
      AuthzSVNAccessFile /home/svn/access
      SSLRequireSSL
      AuthType Basic
      AuthName "Subversion repository"
      AuthUserFile /home/svn/svn-auth-file
      Require valid-user
      </Location>

   5) ssl.conf configuration
      # LC is the organizationName entered when the CA was created
      ServerName LC:443
      SSLCertificateFile /usr/local/apache2/conf/ssl/servercert.pem
      SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
      SSLCACertificateFile /usr/local/apache2/conf/demoCA/cacert.pem

   6) Example contents of /home/svn/access
      # directory specific authorization control
      [groups]
      Application = luke
      #[svn:/svn install/trunk]
      #SVNPath /home/svn/svnroot
      [svnroot:/]
      @Application = rw
      [doc:/]
      @Application = rw
      #[/]
      #* = rw

7. Generate the client certificate
   # cd /usr/local/apache2/conf
   # mkdir client

   1) Generate the client key
      # openssl genrsa -out client/test.key 1024

   2) Generate the client certificate signing request
      # openssl req -new -key client/test.key -out client/test.csr

   3) Sign it with the CA private key
      # openssl x509 -req -in client/test.csr -out client/test.pem -CA demoCA/cacert.pem -CAserial demoCA/serial -CAkey demoCA/private/cakey.pem -days 3650

   4) Generate a personal certificate that the client can import
      # openssl pkcs12 -export -clcerts -in client/test.pem -inkey client/test.key -out client/test.p12
      Enter Export Password:
      Verifying - Enter Export Password:

   5) Client-side SVN settings
      Edit C:\Documents and Settings\luke\Application Data\Subversion\servers and add the following:
      [groups]
      examplehost = 192.168.0.159
      [examplehost]
      # path to the client certificate
      ssl-client-cert-file = f:\linux\test.p12
      # For security, do not put the password here; the drawback is that TortoiseSVN then asks for the Export Password every time.
      # ssl-client-cert-password = 123456
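Step 6 leaves server.key without a passphrase, so file permissions are the only thing protecting it, and steps 5 to 7 sign everything by hand. The following check script is an added example, not part of the original post: it confirms that a key matches its certificate, that the certificate verifies against the CA, that the key is owner-only, and it flags keys under 2048 bits (a threshold chosen for this example; the page generates 1024-bit keys).

```shell
#!/bin/sh
# Added example: sanity checks for the files created in steps 5 and 6.
# Usage: sh check.sh demoCA/cacert.pem ssl/server.key ssl/servercert.pem

# Print the RSA key size in bits (for example 1024).
key_bits() {
    openssl rsa -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the private key ($1) and the certificate ($2) share a modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if the certificate ($2) verifies against the CA certificate ($1).
signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed if group or others hold any permission bit on the file.
group_or_other_access() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print one line per problem; the exit status is the number of problems.
audit_tls_files() {   # arguments: CA_CERT SERVER_KEY SERVER_CERT
    problems=0
    bits=$(key_bits "$2")
    if [ "${bits:-0}" -lt 2048 ]; then   # 2048 is this example's assumption
        echo "WEAK-KEY $2 (${bits:-unreadable} bits)"; problems=$((problems + 1))
    fi
    if group_or_other_access "$2"; then
        echo "KEY-PERMS $2 is accessible beyond its owner"; problems=$((problems + 1))
    fi
    key_matches_cert "$2" "$3" || { echo "MISMATCH $2 vs $3"; problems=$((problems + 1)); }
    signed_by_ca "$1" "$3" || { echo "NOT-SIGNED-BY-CA $3"; problems=$((problems + 1)); }
    return "$problems"
}

if [ $# -eq 3 ]; then audit_tls_files "$@"; fi
```

The same three-argument call works for the client files from step 7 (demoCA/cacert.pem, client/test.key, client/test.pem).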
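The access file in step 6.6 keeps a `[/]` / `* = rw` rule commented out; if it were enabled, every user would get write access to every repository under SVNParentPath. The following audit is an added example, not part of the original post: it flags such rules and rules that name a group `[groups]` never defines. The sample file and the group name "Docs" are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an AuthzSVNAccessFile.
# ALL-USERS-WRITE  : a rule gives "*" (every user) write access
# UNDEFINED-GROUP  : a rule names a group that [groups] never defines

audit_authz() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                     # section header such as [doc:/]
        section = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); perm = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", perm)
        if (section == "groups") { defined[name] = 1; next }
        if (name == "*" && perm ~ /w/)
            printf "ALL-USERS-WRITE [%s] * = %s\n", section, perm
        if (substr(name, 1, 1) == "@") { n++; grp[n] = substr(name, 2); sec[n] = section }
    }
    END {                                        # groups may be defined after use
        for (i = 1; i <= n; i++)
            if (!(grp[i] in defined))
                printf "UNDEFINED-GROUP [%s] @%s\n", sec[i], grp[i]
    }' "$1"
}

# Constructed sample: the access file from step 6.6 with the "[/]" rule enabled
# and a hypothetical group "Docs" that is never defined.
write_sample_authz() {
    cat > "$1" <<'EOF'
[groups]
Application = luke
[svnroot:/]
@Application = rw
[doc:/]
@Docs = rw
[/]
* = rw
EOF
}

# Stand-alone run: audit the file given as $1, or the constructed sample.
sample=${1:-}
if [ -z "$sample" ]; then sample=$(mktemp); write_sample_authz "$sample"; fi
audit_authz "$sample"
```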

