TA的每日心情 | 奋斗
2022-12-13 21:26 |
|---|
签到天数: 371 天 [LV.9]以坛为家II
|
本帖最后由 Sian 于 2014-7-27 09:12 编辑
1、安装mod_ssl
通过yum来在线安装mod_ssl
[root@Crayfish home]# yum -y install mod_ssl ← 在线安装mod_ssl
Loaded plugins: security
base | 3.7 kB 00:00
epel | 4.4 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.2.15-31.el6.centos will be installed
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================
Package Arch Version Repository Size
====================================================================================================
Installing:
mod_ssl x86_64 1:2.2.15-31.el6.centos updates 91 k
Transaction Summary
====================================================================================================
Install 1 Package(s)
Total download size: 91 k
Installed size: 183 k
Downloading Packages:
mod_ssl-2.2.15-31.el6.centos.x86_64.rpm | 91 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 1:mod_ssl-2.2.15-31.el6.centos.x86_64 1/1
Verifying : 1:mod_ssl-2.2.15-31.el6.centos.x86_64 1/1
Installed:
mod_ssl.x86_64 1:2.2.15-31.el6.centos
Complete!
2、HTTP 服务器上配置mod_ssl
[1] 建立服务器密钥
[root@Crayfish home]# cd /etc/pki/tls/certs/ ← 进入HTTP服务器配置文件所在目录
[root@Crayfish certs]# make server.key ← 建立服务器密钥
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
.....................................................................................................................................................................................................................................+++
....................................................................................+++
e is 65537 (0x10001)
Enter pass phrase: ← 在这里输入口令
Verifying - Enter pass phrase: ← 确认口令,再次输入
[root@Crayfish certs]# openssl rsa -in server.key -out server.key ← 从密钥中删除密码(以避免系统启动后被询问口令)
Enter pass phrase for server.key: ← 输入口令
writing RSA key
[2] 建立服务器公钥
[root@Crayfish certs]# make server.csr ← 建立服务器密钥
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN ← 输入国名
State or Province Name (full name) []:HuNan ← 输入省名
Locality Name (eg, city) [Default City]:ChangSha ← 输入城市名
Organization Name (eg, company) [Default Company Ltd]:www.example.com ← 输入组织名(任意)
Organizational Unit Name (eg, section) []: ← 不输入,直接回车
Common Name (eg, your name or your server's hostname) []:www.example.com ← 输入通称(任意)
Email Address []:[email protected] ← 输入电子邮箱地址
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: ← 不输入,直接回车
An optional company name []: ← 不输入,直接回车
[3] 建立服务器证书
[root@Crayfish certs]# openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365 ← 建立服务器证书
Signature ok
subject=/C=CN/ST=HuNan/L=ChangSha/O=www.example.com/CN=www.example.com/[email protected]
Getting Private keySignature ok
[root@Crayfish certs]# chmod 400 server.* ← 修改权限为400
[4] 设置SSL
[root@Crayfish certs]# vi /etc/httpd/conf.d/ssl.conf ← 修改SSL的设置文件
#DocumentRoot "/var/www/html" ← 找到这一行,将行首的“#”去掉
↓
DocumentRoot "/var/www/html" ← 变为此状态
[5] 重新启动HTTP服务,让SSL生效
[root@Crayfish certs]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for Crayfish
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
[root@Crayfish conf.d]#
|
|
窥视卡
雷达卡
发表于 2014-7-27 09:00:01
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜