centos7配置Apache支持HTTPS

Apache版本2.4 
安装mod_ssl 

yum install mod_ssl

建立文件夹,存放sslkey

mkdir /etc/httpd/ssl/

建立凭证档

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

...........................................................+++
..............+++
writing new private key to '/etc/httpd/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CHN
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:HB
Locality Name (eg, city) [Default City]:WH
Organization Name (eg, company) [Default Company Ltd]:ZZ
Organizational Unit Name (eg, section) []:ZZ
Common Name (eg, your name or your server's hostname) []:WWW^H^[[3~^[[3~^[[3~^[[3~^[[3~^[[3~
Email Address []:webmaster@xxx.com

需要填写一些内容,我随便填的…

 

apache配置 
/etc/httpd/conf.d/ssl.conf 
我把这下面的内容复制到另外一个文件中配置的

<VirtualHost _default_:443>
*****
</VirtualHost>

需要修改的几项

DocumentRoot "/var/www/example.com/public_html"

ServerName www.example.com:443

SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

重启apache

systemctl restart httpd.service

通过以上步骤就能打开网页的https链接了,但是此时的https浏览器会提示不安全的链接,那么就需要到阿里云去申请一个CA证书,目前有免费版的CA证书,下面的链接是我发在百度的申请证书的教程,大家可以参考一下

https://jingyan.baidu.com/album/4b07be3c92836148b380f318.html

上一个效果图

 

https变成绿色,说明证书生效!

posted @ 2017-07-24 14:07  阿波罗的博客233  阅读(6500)  评论(0编辑  收藏  举报