Configuring and requesting SSL certificates for Apache and nginx
2018-12-29 17:41
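When running experiments you will sometimes need an SSL certificate. On a LAN there is no need to buy one, so here we build our own CA server, which issues certificates to the servers on the LAN that need them.
Straight to the steps:
Prepare a server to act as the CA server: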
```
[root@localhost CA]# (umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
[root@localhost CA]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
---
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shanghai
Locality Name (eg, city) [Default City]:Shanghai
Organization Name (eg, company) [Default Company Ltd]:u9time    ## organization name; client requests must match it
Organizational Unit Name (eg, section) []:ca
Common Name (eg, your name or your server's hostname) []:ca.u9time.com    ## full domain name for the self-signed certificate
Email Address []:
[root@lvs CA]# touch index.txt    ## index file in which the CA records each certificate it issues; its name and location are set by the configuration file
[root@lvs CA]# echo "01" > serial    ## serial-number file the CA uses when it issues certificates; its name and location are set by the configuration file
```
On the client host (Apache or nginx), generate the certificate signing request (CSR) file:
```
[root@localhost ssl]# (umask 077;openssl genrsa -out /etc/httpd/ssl/httpd.key 2048)
[root@localhost ssl]# openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 365    ## enter the details used to generate the CSR (-days has no effect on a CSR; the CA sets the validity when it signs)
---
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Shanghai
Locality Name (eg, city) [Default City]:Shanghai
Organization Name (eg, company) [Default Company Ltd]:u9time    ## organization must match the CA's
Organizational Unit Name (eg, section) []:ops
Common Name (eg, your name or your server's hostname) []:www.u9time.com    ## the full domain name the certificate is requested for; it can be another domain, e.g. www.ddong.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:www.u9time.com
An optional company name []:
[root@localhost ssl]# scp -p httpd.csr root@192.168.157.3:/root/    ## send the CSR to the CA server to be signed
```
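The CA server signs the certificate:
```
[root@localhost ~]# openssl ca -in httpd.csr -out httpd.crt -days 365
y    ## answer y to sign the certificate
y    ## answer y to commit it to the CA database
[root@localhost ~]# scp -p httpd.crt root@192.168.157.9:/etc/httpd/ssl/
```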
Apache 2.4 server configuration:
```
[root@localhost ~]# yum install httpd mod_ssl -y
[root@localhost ~]# chmod 700 /etc/httpd/ssl/    ## a directory needs the execute bit to be entered; 700 keeps it root-only
[root@localhost ~]# vim /etc/httpd/conf.d/u9time_ssl.conf
```
```
<VirtualHost *:80>
    # This first-listed virtual host is also the default for *:80
    ServerName www.u9time.com
    ServerAlias www1.u9time.com www2.u9time.com
    DocumentRoot "/var/www/html/u9time"
</VirtualHost>

<VirtualHost *:443>
    # This first-listed virtual host is also the default for *:443
    ServerName www.u9time.com
    ServerAlias www1.u9time.com www2.u9time.com
    DocumentRoot "/var/www/html/u9time"
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    # "all -SSLv2 -SSLv3" leaves TLS 1.0 and 1.1 enabled
    SSLProtocol all -SSLv2 -SSLv3
    # This cipher string explicitly includes 3DES
    SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
    # The signed certificate and private key produced in the steps above
    SSLCertificateFile "/etc/httpd/ssl/httpd.crt"
    SSLCertificateKeyFile "/etc/httpd/ssl/httpd.key"
</VirtualHost>
```
nginx server configuration:
This assumes nginx was built with the SSL module.
```
[root@localhost conf.d]# cat u9time.conf
server {
    listen 80;
    server_name www.u9time.com;
    root /var/www/html/u9;
    location / {
    }
}
server {
    # "listen 443 ssl" replaces the separate "ssl on;" directive, which current nginx no longer accepts
    listen 443 ssl;
    server_name www.u9time.com;
    root /var/www/html/u9;
    ssl_certificate /etc/httpd/ssl/httpd.crt;        # certificate file
    ssl_certificate_key /etc/httpd/ssl/httpd.key;    # private key file
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    location / {
    }
}
```
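The CA, CSR and signing steps above, replayed non-interactively in a scratch directory, followed by the checks worth running before Apache or nginx is pointed at the files: the certificate chains to the CA, the private key matches it, and the host name is present as a subjectAltName. This is an added example, not code from the original post; `lab.cnf`, `make_lab`, `check_pair` and the `server_ext` section are assumptions (the post relies on the distribution's default `openssl.cnf`), and the SAN entry is added because current browsers match host names against SAN rather than the Common Name.

```shell
# Added example, not the post's own code. lab.cnf, make_lab and check_pair are
# constructed for this sketch; file names and subject fields follow the post.
make_lab() {  # make_lab DIR HOST: throwaway CA plus one signed server certificate
  d=$1; host=$2
  mkdir -p "$d/private" "$d/newcerts" && touch "$d/index.txt" && echo 01 > "$d/serial"
  cat > "$d/lab.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
[ ca ]
default_ca = lab
[ lab ]
database = $d/index.txt
serial = $d/serial
new_certs_dir = $d/newcerts
certificate = $d/cacert.pem
private_key = $d/private/cakey.pem
default_md = sha256
policy = policy_match
x509_extensions = server_ext
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
commonName = supplied
[ server_ext ]
basicConstraints = CA:FALSE
subjectAltName = DNS:$host
EOF
  ( umask 077; openssl genrsa -out "$d/private/cakey.pem" 2048
    openssl genrsa -out "$d/httpd.key" 2048 ) 2>/dev/null &&
  openssl req -new -x509 -config "$d/lab.cnf" -extensions v3_ca -days 3650 \
    -key "$d/private/cakey.pem" -out "$d/cacert.pem" \
    -subj "/C=CN/ST=Shanghai/O=u9time/OU=ca/CN=ca.u9time.com" &&
  openssl req -new -config "$d/lab.cnf" -key "$d/httpd.key" -out "$d/httpd.csr" \
    -subj "/C=CN/ST=Shanghai/O=u9time/OU=ops/CN=$host" &&
  openssl ca -batch -config "$d/lab.cnf" -in "$d/httpd.csr" -out "$d/httpd.crt" \
    -days 365 >/dev/null 2>&1
}
check_pair() {  # check_pair CERT KEY CACERT HOST: status 0 only if every check passes
  openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
    { echo "certificate does not chain to the CA"; return 1; }
  [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] ||
    { echo "private key does not match the certificate"; return 1; }
  openssl x509 -in "$1" -noout -text | grep -qF "DNS:$4" ||
    { echo "host name missing from subjectAltName"; return 1; }
}
```

`check_pair` can also be run against the real `/etc/httpd/ssl/httpd.crt`, `httpd.key` and a copy of the CA's `cacert.pem` before the web server is restarted.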