Centos6.3下Apache配置https证书访问
2013-05-14 20:16
639 查看
这里简单演示一下Apache下基于加密的认证访问----https加密方式访问。
1.DNS解析这里不再赘述了哈,相见本次演示的dns解析情况:
[root@localhost html]# nslookup www.abc.com Server: 192.168.2.115 Address: 192.168.2.115#53 Name: www.abc.com Address: 192.168.2.115 2.安装Apache SSL支持模块:# yum install -y mod_ssl (默认yum安装httpd是没有安装该模块的,安装后自动生产/etc/httpd/conf.d/ssl.conf文件)并生成证书。
[root@localhost certs]# pwd /etc/pki/tls/certs [root@localhost certs]# ls ca-bundle.crt index.html localhost.crt Makefile ca-bundle.trust.crt localhost1.crt make-dummy-cert [root@localhost certs]# openssl req -utf8 -new -key ../private/localhost.key -x509 -days 3650 -out abc_com.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:510510 Locality Name (eg, city) [Default City]:GZ Organization Name (eg, company) [Default Company Ltd]:ABC.COM Organizational Unit Name (eg, section) []:Mr.Zhang Common Name (eg, your name or your server's hostname) []:www.abc.com Email Address []:root@abc.com [root@localhost certs]# 3.配置Apache,基本配置这里不多说了,下面是配置www.abc.com站点http访问的情况。
[root@localhost html]# tail -n 8 /etc/httpd/conf/httpd.conf NameVirtualhost 192.168.2.115:80 <VirtualHost www.abc.com:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/html ServerName www.abc.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> [root@localhost html]# tail /var/www/html/index.html www.abc.com [root@localhost html]# 4.配置Apache支持https访问www.abc.com站点,编辑 vim /etc/httpd/conf.d/ssl.conf 文件,制定www.abc.com站点https访问时的相关信息。添加下面配置。
<VirtualHost www.abc.com:443> DocumentRoot "/var/www/html/www.kuteatest.net" #//为了显示效果,这里的站点目录不一样,一般情况一个域名应该指向同一目录的。 ServerName www.abc.com:443 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/tls/certs/abc_com.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> 4.重启Apache服务,测试访问。
测试http访问的结果
测试https访问的结果
查看证书信息和自建crt信息一致
https访问的最终结果
1.DNS解析这里不再赘述了哈,相见本次演示的dns解析情况:
[root@localhost html]# nslookup www.abc.com Server: 192.168.2.115 Address: 192.168.2.115#53 Name: www.abc.com Address: 192.168.2.115 2.安装Apache SSL支持模块:# yum install -y mod_ssl (默认yum安装httpd是没有安装该模块的,安装后自动生产/etc/httpd/conf.d/ssl.conf文件)并生成证书。
[root@localhost certs]# pwd /etc/pki/tls/certs [root@localhost certs]# ls ca-bundle.crt index.html localhost.crt Makefile ca-bundle.trust.crt localhost1.crt make-dummy-cert [root@localhost certs]# openssl req -utf8 -new -key ../private/localhost.key -x509 -days 3650 -out abc_com.crt You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN State or Province Name (full name) []:510510 Locality Name (eg, city) [Default City]:GZ Organization Name (eg, company) [Default Company Ltd]:ABC.COM Organizational Unit Name (eg, section) []:Mr.Zhang Common Name (eg, your name or your server's hostname) []:www.abc.com Email Address []:root@abc.com [root@localhost certs]# 3.配置Apache,基本配置这里不多说了,下面是配置www.abc.com站点http访问的情况。
[root@localhost html]# tail -n 8 /etc/httpd/conf/httpd.conf NameVirtualhost 192.168.2.115:80 <VirtualHost www.abc.com:80> ServerAdmin webmaster@dummy-host.example.com DocumentRoot /var/www/html ServerName www.abc.com ErrorLog logs/dummy-host.example.com-error_log CustomLog logs/dummy-host.example.com-access_log common </VirtualHost> [root@localhost html]# tail /var/www/html/index.html www.abc.com [root@localhost html]# 4.配置Apache支持https访问www.abc.com站点,编辑 vim /etc/httpd/conf.d/ssl.conf 文件,制定www.abc.com站点https访问时的相关信息。添加下面配置。
<VirtualHost www.abc.com:443> DocumentRoot "/var/www/html/www.kuteatest.net" #//为了显示效果,这里的站点目录不一样,一般情况一个域名应该指向同一目录的。 ServerName www.abc.com:443 ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/tls/certs/abc_com.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> 4.重启Apache服务,测试访问。
测试http访问的结果
测试https访问的结果
查看证书信息和自建crt信息一致
https访问的最终结果
相关文章推荐
- Centos6.3下Apache配置基于加密的认证https加密证书访问
- Centos系统thinkphp发布时,apache配置成https访问时,url地址无法访问问题
- CentOS 6.5系统下配置Apache的https证书
- apache服务器安装配置ssl数字证书,https访问
- CentOS生成自签名证书配置Apache https
- 配置web SSL 安全证书Https访问
- 使用Apache,配置modSSL,使其支持https访问
- centos apache 最新版HTTPS配置
- 阿里云https证书Apache配置
- Windows下Nginx配置SSL实现Https访问(包含证书生成)
- window2008下基于阿里云免费HTTPS证书+apache2.4.27的HTTPS配置方法
- 普元 EOS Platform 7.6 如何配置tomcat证书,使用https访问应用
- 【JAVA/HTTPS】JAVA生成ks,证书,tomcat配置HTTPS访问
- Centos 6.8 下利用 letsencrypt.sh 脚本为 nginx 配置免费 https 证书
- tomcat 配置ssl/https 证书问题(一)- No enum constant org.apache.tomcat.util.net.SSLHostConfigCertificate.Typ
- Centos6.3下apache+svn安装配置笔记
- apache允许https访问及ssl免费证书申请
- window2008下基于阿里云免费HTTPS证书+apache2.4.27的HTTPS配置方法
- Centos下配置tomcat7的https证书