apache 配置虚拟主机的安全连接 SSL

SSL全称为secure socket layer 用以保障在inetnet上数据传输安全，利用数据加密保障数据在网络上传输过程不会被窃取窃听

//yum 安装使apache支持ssl

yum install mod_ssl openssl

//创建私钥

openssl genrsa -out server.key 1024

//证书签发亲求csr，系统会向你索取一些简单的信息，这里为了实验方便一路回车

## openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

由于我们不能申请上级CA授权认证，自己给自己创建一个CA

[root@centos129 ~]# openssl x509 -days 365 -req -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd
Getting Private key

以上3个操作产生3个文件

server.key
server.csr
server.key

//修改www.zhoutao.name虚拟主机配置文件

内容如下

[root@centos129 vconf.d]# cat nvhsot.conf
<VirtualHost 172.16.148.129:443>
ServerName www.zhoutao.name
ScriptAlias /cgi-bin/ "/www/zhoutao.name/cgi-bin/"
DocumentRoot /www/zhoutao.name
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
<Directory /www/zhoutao.name>
AllowOverride AuthConfig
</Directory>
</VirtualHost>

//实验结束

访问https://www.zhoutao.name





本文出自 “风光坏家伙” 博客，请务必保留此出处http://fghjk.blog.51cto.com/4359709/774169