配置apache使用https访问

  1. 准备

    yum install mod_ssl openssl

  2. 生成一个自签名证书

    cd /etc/pki/CA
    1.生成2048位的加密私钥
    openssl genrsa -out server.key 2048
    2.生成证书签名请求
    openssl req -new -key server.key -out server.csr

    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:beijing
    Locality Name (eg, city) [Default City]:beijing
    Organization Name (eg, company) [Default Company Ltd]:test.com
    Organizational Unit Name (eg, section) []:test
    Common Name (eg, your name or your server's hostname) []:test.com
    Email Address []:test@qq.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:123456

    An optional company name []:test
    3.生成类型为X509的自签名证书(有效期36500天)
    openssl x509 -req -days 36500 -in server.csr -signkey server.key -out server.crt

3.配置Apache服务

vim /etc/httpd/conf.d/ssl.conf
1.修改下面的内容
SSLCertificateFile /etc/pki/CA/server.crt
SSLCertificateKeyFile /etc/pki/CA/server.key
2.重启Apache
/etc/init.d/httpd restart

4.调整虚拟主机

cd /etc/httpd/conf.d
vim test.conf
添加以下内容
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/CA/server.crt
SSLCertificateKeyFile /etc/pki/CA/server.key
<Directory /var/www/html/>
    AllowOverride All
</Directory>
ServerAdmin email@example.com
DocumentRoot /var/www/html/
ServerName www.test.com
</VirtualHost>

5.测试访问

1.因为域名只是一个测试的,所以需要再Windows下绑定hosts,自定绑定
2.访问测试
https://Ip
posted @ 2017-06-16 09:23  于欢水  阅读(627)  评论(0编辑  收藏  举报