SSL全称为secure socket layer 用以保障在inetnet上数据传输安全,利用数据加密保障数据在网络上传输过程不会被窃取窃听
//yum 安装使apache支持ssl
yum install mod_ssl openssl
//创建私钥
openssl genrsa -out server.key 1024
//证书签发亲求csr,系统会向你索取一些简单的信息,这里为了实验方便一路回车
#
- # openssl req -new -key server.key -out server.csr
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [GB]:
- State or Province Name (full name) [Berkshire]:
- Locality Name (eg, city) [Newbury]:
- Organization Name (eg, company) [My Company Ltd]:
- Organizational Unit Name (eg, section) []:
- Common Name (eg, your name or your server's hostname) []:
- Email Address []:
- Please enter the following 'extra' attributes
- to be sent with your certificate request
- A challenge password []:
- An optional company name []:
由于我们不能申请上级CA授权认证,自己给自己创建一个CA
- [root@centos129 ~]# openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
- Signature ok
- subject=/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd
- Getting Private key
以上3个操作产生3个文件
- server.key
- server.csr
- server.key
//修改www.zhoutao.name虚拟主机配置文件
内容如下
- [root@centos129 vconf.d]# cat nvhsot.conf
- <VirtualHost 172.16.148.129:443>
- ServerName www.zhoutao.name
- ScriptAlias /cgi-bin/ "/www/zhoutao.name/cgi-bin/"
- DocumentRoot /www/zhoutao.name
- SSLEngine on
- SSLOptions +StrictRequire
- SSLCertificateFile /etc/httpd/conf/server.crt
- SSLCertificateKeyFile /etc/httpd/conf/server.key
- <Directory /www/zhoutao.name>
- AllowOverride AuthConfig
- </Directory>
- </VirtualHost>
//实验结束
访问https://www.zhoutao.name
