标签:https服务的提供
https实现:httpd利用https协议通过证书安全加密,使得资源进行加密传输 //SSL会话是基于IP地址所构建的,所以单IP地址的服务器,仅可以创建一个基于https的虚拟主机 创建私有CA:OpenSSL
1.创建CA的私钥:
~]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2.生成CA的自签证书:
~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3653
3.完善CA所必需目录级文件要求和文本文件级文件要求:
~]# touch /etc/pki/CA/index.txt
~]# echo 01 > /etc/pki/CA/serial
创建https站点:
1.为httpd服务器生成密钥并生成证书请求:
~]# mkdir /etc/httpd/ssl
~]# cd /etc/httpd/ssl
~]# (umask 077;openssl genrsa -out httpd.key 2048)
~]# openssl req -new -key httpd.key -out httpd.csr -days 3653
2.将证书请求发送到CA:
~]# scp httpd.csr CA_SERVER:/tmp
3.在CA上为此次请求签发证书:
~]# openssl ca -in /tmp/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 3653
4.在CA上将CA签发的证书传送到httpd服务器:
~]# scp /etc/pki/CA/certs/httpd.crt HTTP_SERVER:/etc/httpd/ssl
5.在httpd服务器上,删除证书请求文件:
~]# rm -f httpd.csr
6.在httpd服务器上配置ssl支持:
1) 保证mod_ssl模块被正确装载;如果没有,则需要单独安装;
yum -y install mod_ssl
/etc/httpd/conf.d/ssl.conf
/usr/lib64/httpd/modules/mod_ssl.so
2) 配置https的虚拟主机:
<VirtualHost 172.16.88.99:443>
DocumentRoot "/myvhost/https"
ServerName www.a.com
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>
标签:https服务的提供
原文地址:http://blog.51cto.com/chenliangdeeper/2108664