# yum install httpd httpd-devel subversion mod_dav_svn mod_ssl
# mkdir -p /var/www/vlsvn
# cd /var/www/vlsvn
# svnadmin create testdb
# chown -R apache.apache testdb
# vi /etc/httpd/conf.d/subversion.conf

DAV svn
# Note: in the path below, a subfolder name must not duplicate the parent folder name, otherwise problems will occur
SVNParentPath /var/www/vlsvn
#
#   # Limit write permission to list of valid users.
#

Next, create the file of users who are allowed access:

# htpasswd -c /var/www/svn/repository/authfile username

To add more users, use the following command:

# htpasswd /var/www/svn/repository/authfile username
# service httpd restart

http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz

# tar zxvf ssl.ca-0.1.tar.gz.1
# ./new-root-ca.sh                 (generate the root certificate)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key:                 (enter a passphrase)
Verifying - Enter pass phrase for ca.key:     (enter the passphrase again)
......
Self-sign the root CA...                      (sign the root certificate)
Enter pass phrase for ca.key:                 (enter the passphrase you just set)
........
........                                      (signing begins below)
Country Name (2 letter code) [MY]: CN
State or Province Name (full name) [Perak]: liaoning
Locality Name (eg, city) [Sitiawan]: dalian
Organization Name (eg, company) [My Directory Sdn Bhd]: jishikeyan
Organizational Unit Name (eg, section) [Certification Services Division]: ACSTAR
Common Name (eg, MD Root CA) []: yong
Email Address []: yong@yong.com.cn

This produces two files, ca.key and ca.crt. Next, generate a certificate for our server:

# ./new-server-cert.sh server      (the certificate is named server)
......
......
Country Name (2 letter code) [MY]: CN
State or Province Name (full name) [Perak]: liaoning
Locality Name (eg, city) [Sitiawan]: dalian
Organization Name (eg, company) [My Directory Sdn Bhd]: jishikeyan
Organizational Unit Name (eg, section) [Secure Web Server]: ACSTAR
Common Name (eg, www.domain.com) []: localhost
Email Address []: yong@yong.com.cn

This produces two files, server.csr and server.key. The request still has to be signed before it can be used:

# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:               (enter the root certificate passphrase set above)
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'liaoning'
localityName          :PRINTABLE:'liaoning'
organizationName      :PRINTABLE:'jishikeyan'
organizationalUnitName:PRINTABLE:'ACSTAR'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:'yongl@yong.com.cn'
Certificate is to be certified until Jul 16 12:55:34 2005 GMT (365 days)
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

Next, place the certificate files in the locations specified in ssl.conf.

Use the following commands to move the certificate files into place:

# mv server.key /usr/local/apache2/conf/
# mv server.crt /usr/local/apache2/conf/

Edit the Apache configuration file to use HTTPS for authentication:

# vi /usr/local/apache/conf/http.conf

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf             (remove the leading # from this line)
#
#   # Require SSL connection for password protection.
#
#   # SSLRequireSSL
#
AuthType Basic
AuthName "Subversion repository"
AuthzSVNAccessFile /var/www/vlsvn/authz.conf
AuthUserFile /var/www/vlsvn/authfile
Require valid-user
SSLRequireSSL
#
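
Before server.key and server.crt are moved into Apache's conf directory, the pair can be checked against ca.crt. The script below is an added example, not part of the original page or of the ssl.ca-0.1 scripts. The function names, the 2048-bit minimum and the 30-day expiry margin are assumptions; with those defaults, a 1024-bit RSA key like the CA key in the transcript above is reported as too small.

```shell
#!/bin/sh
# Added example: sanity checks for the files produced by new-server-cert.sh and
# sign-server-cert.sh. Function names and default thresholds are assumptions.

# Print the public-key size in bits as reported by `openssl x509 -text`.
cert_key_bits() {
    openssl x509 -noout -text -in "$1" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeed only if the certificate verifies against the given root,
# i.e. openssl prints the same "server.crt: OK" line as the signing script.
cert_signed_by() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Run every check, print one line per finding, return the number of failures.
# usage: check_server_cert server.key server.crt ca.crt [min_bits] [min_days_left]
check_server_cert() {
    key=$1 crt=$2 ca=$3 min_bits=${4:-2048} min_days=${5:-30} fails=0
    bits=$(cert_key_bits "$crt")
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL key size: ${bits:-unknown} bits, want >= $min_bits"
        fails=$((fails + 1))
    fi
    if ! key_matches_cert "$key" "$crt"; then
        echo "FAIL $key is not the private key for $crt"
        fails=$((fails + 1))
    fi
    if ! cert_signed_by "$crt" "$ca"; then
        echo "FAIL $crt does not verify against $ca"
        fails=$((fails + 1))
    fi
    if ! openssl x509 -noout -checkend $((min_days * 86400)) -in "$crt" >/dev/null; then
        echo "FAIL $crt expires within $min_days days"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK $crt"
    return "$fails"
}
```

Source the file and run check_server_cert server.key server.crt ca.crt in the ssl.ca-0.1 directory; a non-zero exit status is the number of failed checks.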