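Setting up SSL so that Apache supports HTTPS
2022-06-05 PHP
SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt network connections at the transport layer. The steps below, tested in practice, make Apache support HTTPS.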
```
[root@apache ~]# yum install mod_ssl
```
Under /etc/pki/tls/ssl
Of course, we can also use openssl to create our own certificate.
```
[root@apache ~]# yum install openssl
```
Generate the certificate files.
Create an RSA private key in a file named server.key:
```
[root@apache ssl]# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
............++++++
............++++++
e is 65537 (0x10001)
```
Use server.key to generate the certificate signing request (CSR):
```
openssl req -new -key server.key -out server.csr
Country Name: two-letter country code
State or Province Name: province name
Locality Name: city name
Organization Name: company name
Organizational Unit Name: department name
Common Name: your name
Email Address: address
```
The 'extra' attributes do not need to be filled in; just press Enter.
Generate the certificate (CRT) file server.crt:
```
[root@apache ssl]# openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
```
Edit ssl.conf to point at the certificate we generated ourselves:
```
[root@apache ~]# vi /etc/httpd/conf.d/ssl.conf
```
Find the following sections and change the paths:
```
#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/ssl/server.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/ssl/server.key
```
OK
```
[root@apache ~]# service httpd restart
```
And that's everything done~~
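A check to run on the generated files before restarting httpd, as an added example that is not part of the original post: it confirms that server.crt and server.key hold the same public key, that the certificate has not expired, and that the RSA key meets a minimum size (2048 bits by default, so the 1024-bit key generated above would be reported). The function names, the `-subj` value and the 2048-bit default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for a
# certificate/key pair before pointing ssl.conf at it.

# Build a throwaway pair with the same three openssl steps as the post,
# made non-interactive with -subj. CN "example.test" is a constructed value.
make_sample_pair() {  # usage: make_sample_pair DIR BITS
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=example.test" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -days 365 -req -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Print the modulus size of an RSA private key, e.g. 2048.
rsa_key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*$/\1/p'
}

# Succeed only if the certificate and the key hold the same public key.
cert_matches_key() {  # usage: cert_matches_key CRT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run all checks; print one line per failure and return non-zero on any.
check_pair() {  # usage: check_pair CRT KEY [MIN_BITS]
    min_bits=${3:-2048}
    rc=0
    bits=$(rsa_key_bits "$2")
    if [ -z "$bits" ]; then
        echo "FAIL: cannot read RSA key $2"; rc=1
    elif [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: key is $bits bits, minimum is $min_bits"; rc=1
    fi
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: certificate and key do not match"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate is expired or unreadable"; rc=1; }
    return "$rc"
}
```

Source the file and call `check_pair` with the two paths configured in ssl.conf; a zero exit status means all three checks passed.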