zoukankan      html  css  js  c++  java
  • HTTPS的实现

    1.安装专门的mod_ssl模块

    复制代码
    [root@contos7 ~]# yum install mod_ssl
    Loaded plugins: fastestmirror, langpacks
    Loading mirror speeds from cached hostfile
    Resolving Dependencies
    --> Running transaction check
    ---> Package mod_ssl.x86_64 1:2.4.6-80.el7.centos will be installed
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    ======================================================================================================================
     Package                  Arch                    Version                                 Repository             Size
    ======================================================================================================================
    Installing:
     mod_ssl                  x86_64                  1:2.4.6-80.el7.centos                   base                  111 k
    
    Transaction Summary
    ======================================================================================================================
    Install  1 Package
    
    Total download size: 111 k
    Installed size: 224 k
    Is this ok [y/d/N]: y
    Downloading packages:
    mod_ssl-2.4.6-80.el7.centos.x86_64.rpm                                                         | 111 kB  00:00:00     
    Running transaction check
    Running transaction test
    Transaction test succeeded
    Running transaction
      Installing : 1:mod_ssl-2.4.6-80.el7.centos.x86_64                                                               1/1 
      Verifying  : 1:mod_ssl-2.4.6-80.el7.centos.x86_64                                                               1/1 
    
    Installed:
      mod_ssl.x86_64 1:2.4.6-80.el7.centos                                                                                
    
    Complete!
    复制代码

    2.申请CA证书

        要生成证书就需要为服务端生成私钥,并用它来为其提供证书文件;

    复制代码
    [root@contos7 ~]# cd /etc/pki/CA
    [root@contos7 /etc/pki/CA]# (umask 066;openssl genrsa -out private/cakey.pem 4096)
    Generating RSA private key, 4096 bit long modulus
    .....++
    .........................................................++
    e is 65537 (0x10001)
    [root@contos7 /etc/pki/CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:HeNan    
    Locality Name (eg, city) [Default City]:ZhengZhou
    Organization Name (eg, company) [Default Company Ltd]:Magedu
    Organizational Unit Name (eg, section) []:opt
    Common Name (eg, your name or your server's hostname) []:
    Email Address []:
    [root@contos7 /etc/pki/CA]# touch index.txt
    [root@contos7 /etc/pki/CA]# echo 00 > serial
    [root@contos7 /etc/pki/CA]# mkdir /etc/httpd/conf.d/ssl
    [root@contos7 /etc/pki/CA]# cd /etc/httpd/conf.d/ssl/
    [root@contos7 /etc/httpd/conf.d/ssl]# (umask 066;openssl genrsa -out httpd.key 1024)
    Generating RSA private key, 1024 bit long modulus
    ......++++++
    .............++++++
    e is 65537 (0x10001)
    [root@contos7 /etc/httpd/conf.d/ssl]# openssl req -new -key httpd.key -out httpd.csr
    [root@contos7 /etc/httpd/conf.d/ssl]#  openssl ca -in httpd.csr -out httpd.crt -days 365
    [root@contos7 /etc/httpd/conf.d/ssl]#  cp /etc/pki/CA/cacert.pem .
    复制代码

    3.编辑.conf配置文件

        将代码修改为下列三行

    [root@contos7 ~]# vim /etc/httpd/conf.d/ssl.conf
    SSLCertificateFile /etc/httpd/conf.d/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/ssl/httpd.key
    SSLCACertificateFile /etc/httpd/conf.d/ssl/cacert.pem

    4.修改配置文件

    复制代码
    [root@contos7 ~]# vim /etc/httpd/conf.d/vhost.conf
    <VirtualHost *:443>
        ServerName  www.baidu.com
        DocumentRoot "/app/website1"
        CustomLog "logs/www.baidu.com_access_log" combined
        <Directory "/app/website1">
        Require all granted
        </Directory>
    </VirtualHost>
    ~                 
    复制代码

    4.重新启动服务

    [root@contos7 ~]# systemctl restart httpd
  • 相关阅读:
    锁相环(PLL)的IP核调取及应用详解
    进阶项目(3)UART串口通信程序设计讲解
    基础项目(2)二选一数据选择器的设计
    读写储存器RAM IP核的调取及应用
    进阶项目(1)字符状态机讲解
    基础项目(1) 流水灯项目讲解
    只读储存器ROM IP核的调取及应用
    常见的关系运算符(移位运算符)
    常见的关系运算符(缩减运算符)
    乱七八糟
  • 原文地址:https://www.cnblogs.com/fengquan-blog/p/11904562.html
Copyright © 2011-2022 走看看