Environment for this walkthrough: the CA and Apache run on the same host.
First, make this machine the CA server:
[root@localhost~]#yum -y install openssl openssl-devel
[root@localhost~]#vi /etc/pki/tls/openssl.cnf
[ CA_default ]
dir = ../../CA
change it to:
[ CA_default ]
dir= /etc/pki/CA
To avoid needless repetition, you can also predefine some of the fields under [ req_distinguished_name ]; set them to whatever suits you, so I won't go into detail here.
:wq
[root@localhost~]#cd /etc/pki/CA
[root@localhost CA]# mkdir certs newcerts crl
[root@localhost CA]# touch index.txt
[root@localhost CA]# echo 00 > serial
[root@localhost CA]# (umask 077; openssl genrsa -out private/cakey.pem 2048) ## generate the CA's self-signing key
[root@localhost CA]# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3657 ## generate the self-signed CA certificate
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [HaiDian]:
Organization Name (eg, company) [TEXT]:
Organizational Unit Name (eg, section) [DEV]:
Common Name (eg, your name or your server's hostname) []:ca.text.com
Email Address []:[email protected]
Because openssl.cnf already defines part of this, just keep pressing Enter until you reach Common Name (eg, your name or your server's hostname) []: (this is the CA's name; choose whatever you like).
The final e-mail address can also be anything you like.
Once all the prompts are answered, the CA server is done; continue with the steps below.
Building Apache from source with dynamic modules:
[root@localhost CA]# tar -xf httpd-2.2.9.tar -C /usr/local/src/
[root@localhost CA]#cd /usr/local/src/httpd-2.2.9/
[root@localhost httpd-2.2.9]# ./configure --prefix=/usr/local/apache2 --sysconfdir=/etc/httpd --with-z=/usr/local/zlib/ --with-included-apr --enable-so --enable-mods-shared=most
[root@localhost httpd-2.2.9]#make;make install
Configuring SSL for Apache:
[root@localhost CA]# rpm -qa |grep mod_ssl
[root@localhost CA]# yum -y install mod_ssl ## if mod_ssl is not present, just install it with yum
[root@localhost CA]# rpm -ql mod_ssl ## see where mod_ssl put its configuration file
[root@localhost CA]# cd /etc/httpd
[root@localhost httpd]# mkdir ssl
[root@localhost httpd]# cd ssl
[root@localhost ssl]# (umask 077; openssl genrsa -out httpd.key 2048) ## generate the server key
[root@localhost ssl]#openssl req -new -key httpd.key -out httpd.csr ## generate the certificate signing request
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [HaiDian]:
Organization Name (eg, company) [TEXT]:
Organizational Unit Name (eg, section) [DEV]:
## The five fields above must match the CA server's settings; in this lab everything is on one host, so just press Enter.
Common Name (eg, your name or your server's hostname) []:text.bj.com ## this must be the address clients will use to connect, not the CA's address set above
Email Address []:[email protected] ## anything you like
[root@localhost ssl]#openssl ca -in httpd.csr -out httpd.crt -days 3657 ## CA signing command; answer y and Enter twice (since everything is on one machine, sign directly; if the CA is on a separate machine, copy the httpd CSR file to the CA server, sign it there, and copy the certificate back)
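The CA and signing steps above, run end to end as a script: this is an added example, not code from the article. It replaces the interactive prompts with -subj and -batch, writes its own self-contained openssl.cnf in a scratch directory instead of editing /etc/pki/tls/openssl.cnf, and goes one step beyond the article by adding a subjectAltName for text.bj.com, which current browsers require in addition to the Common Name; the host names and DN values are the article's.

```shell
# Added example, not from the article: rebuild its private CA non-interactively in a
# scratch directory, issue the httpd certificate, and verify it chains to the CA.
set -eu
make_ca_and_cert() {                 # $1 = scratch directory standing in for /etc/pki
  ca=$1/CA; ssl=$1/ssl
  mkdir -p "$ca/private" "$ca/certs" "$ca/newcerts" "$ca/crl" "$ssl"
  touch "$ca/index.txt"; echo 01 > "$ca/serial"   # article uses 00; 01 avoids serial 0
  # Self-contained config replacing the [ CA_default ] edit to /etc/pki/tls/openssl.cnf
  cat > "$ca/openssl.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = $ca
database = \$dir/index.txt
new_certs_dir = \$dir/newcerts
serial = \$dir/serial
certificate = \$dir/cacert.pem
private_key = \$dir/private/cakey.pem
default_md = sha256
policy = policy_match
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ v3_server ]
subjectAltName = DNS:text.bj.com
EOF
  # CA key and self-signed root; -subj replaces the interactive DN prompts
  (umask 077; openssl genrsa -out "$ca/private/cakey.pem" 2048 2>/dev/null)
  openssl req -new -x509 -key "$ca/private/cakey.pem" -out "$ca/cacert.pem" -days 3657 \
    -config "$ca/openssl.cnf" -subj "/C=CN/ST=BJ/L=HaiDian/O=TEXT/OU=DEV/CN=ca.text.com"
  # Server key and CSR; C/ST/O must equal the CA's or policy_match rejects the request
  (umask 077; openssl genrsa -out "$ssl/httpd.key" 2048 2>/dev/null)
  openssl req -new -key "$ssl/httpd.key" -out "$ssl/httpd.csr" \
    -config "$ca/openssl.cnf" -subj "/C=CN/ST=BJ/L=HaiDian/O=TEXT/OU=DEV/CN=text.bj.com"
  # Sign it; -batch answers the two "y" prompts, -extensions adds the SAN browsers check
  openssl ca -batch -config "$ca/openssl.cnf" -extensions v3_server \
    -in "$ssl/httpd.csr" -out "$ssl/httpd.crt" -days 3657 2>/dev/null
}
verify_chain() {                     # 0 when httpd.crt chains to cacert.pem and names the host
  openssl verify -CAfile "$1/CA/cacert.pem" "$1/ssl/httpd.crt" >/dev/null &&
    openssl x509 -in "$1/ssl/httpd.crt" -noout -text | grep -q 'DNS:text.bj.com'
}
```

Only DN fields listed in policy_match survive into the issued certificate, so the L and OU values from the CSR are dropped here; list them as optional if you want them kept.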
[root@localhost ssl]#vi /etc/httpd/conf.d/ssl.conf
Leave the default port 443 unchanged.
Check that the following two lines exist; add them if they do not:
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
Then add the following lines:
ServerName text.bj.com ## the address defined above
DocumentRoot "/var/www/html" ## web root; if you use a virtual host, this must match the DocumentRoot defined for that virtual host in the Apache configuration
SSLEngine on ## make sure this is enabled
SSLCertificateFile /etc/httpd/ssl/httpd.crt ## where the certificate is stored
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key ## where the key is stored
:wq
[root@localhost ssl]#echo text.bj.com > /var/www/html/index.html
[root@localhost ssl]#/etc/init.d/httpd start
[root@localhost ssl]#netstat -tnlp ## check that port 443 is listening
Browse to https://text.bj.com
The browser warns that "the site's security certificate is not trusted".
Fix:
Copy /etc/pki/CA/cacert.pem to the client and install it there (on a Windows PC, rename it with a .crt extension and double-click to install).
Article title: Configuring SSL in Apache to Enable HTTPS Access - 創(chuàng)新互聯(lián)
Reposted from: http://fisionsoft.com.cn/article/psjes.html