SSL HTTPS检测获得A+的方法

检测地址 https://www.ssllabs.com/ssltest/

apache版本 2.4

  1. 开启php的openssl模块 开启apache的ssl模块
  2. 一般大家是用apache虚拟机的
    增加如下配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Listen 443
<VirtualHost *:443>
    DocumentRoot "C:\php\www"
    ServerName iguojin.com
    ServerAlias 

    # 开启HSTS长期有效
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    # 开启SSL
    SSLEngine on
    # 添加SSL协议支持协议
    SSLProtocol all -SSLv2 -SSLv3
    # 服务器加密协议偏好顺序
    SSLHonorCipherOrder on
    # 修改加密套件如下
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"

    SSLCertificateFile "path_to_your_public.pem"
    SSLCertificateKeyFile "path_to_your.key"
    SSLCertificateChainFile "path_to_your_chain.pem"
  
    <Directory "C:\php\www">
        Options Indexes FollowSymLinks ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
</VirtualHost>

3 重启apache即可

http https共存

实际上可能没必要都搞成https,至少我这样认为,而且可能以前的项目写的就是http,到时候会出问题,关键环节用https即可
所以,利用虚拟机,一个https的443端口和http的80端口指向同样目录即可
ServerName一致
即可实现http https都可以用,非常方便