Enabling HTTPS on Apache with a self-signed certificate
1. Install mod_ssl
yum -y install mod_ssl
2. Configure mod_ssl on the HTTP server
2.1. Change to the directory holding the HTTP server's certificate files
cd /etc/pki/tls/certs/
2.2. Create the server private key
umask 77 ; /usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
.+++
............+++
e is 65537 (0x10001)
Enter pass phrase: #set a passphrase
Verifying - Enter pass phrase: #confirm the passphrase
openssl rsa -in server.key -out server.key #remove the passphrase from the key
2.3. Create the server certificate signing request (public key)
# make server.csr #generates the server certificate request
umask 77 ; /usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #country code, e.g. CN
State or Province Name (full name) []:Shanghai #province, e.g. Shanghai
Locality Name (eg, city) [Default City]:Shanghai #city, e.g. Shanghai
Organization Name (eg, company) [Default Company Ltd]:NOC #organization name, e.g. NO (any value)
Organizational Unit Name (eg, section) []:Newegg #organizational unit name, e.g. New (any value)
Common Name (eg, your name or your server's hostname) []:NOC #common name, e.g. NO (any value)
Email Address []:noc@newegg.com #e-mail address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: #leave empty, just press Enter
An optional company name []: #leave empty, just press Enter
2.4. Create the server certificate
openssl x509 -in server.csr -out server.pem -req -signkey server.key -days 365
Signature ok
subject=/C=CN/ST=Shanghai/L=Shanghai/O=NOC/OU=Newegg/CN=NOC/emailAddress=noc@newegg.com
Getting Private key
chmod 400 server.* #set the permissions to 400
2.5. Configure SSL
vim /etc/httpd/conf.d/ssl.conf
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html" #uncomment this directive (remove the leading '#')
systemctl restart httpd #restart the httpd service
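Added example, not part of the original page: the key, CSR and certificate steps above run non-interactively in a scratch directory, followed by checks worth doing before restarting httpd (key is unencrypted, key and certificate belong together, certificate not expired, key mode is 400). The function names make_selfsigned and check_pair are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: works only inside the directory passed in; nothing under /etc is touched.

# make_selfsigned DIR: unencrypted 2048-bit key, CSR and 365-day self-signed
# certificate, using the subject values shown on the page.
make_selfsigned() {
    (
        umask 77
        cd "$1" || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null &&
        openssl req -utf8 -new -key server.key -out server.csr \
            -subj "/C=CN/ST=Shanghai/L=Shanghai/O=NOC/OU=Newegg/CN=NOC/emailAddress=noc@newegg.com" &&
        openssl x509 -req -in server.csr -out server.pem \
            -signkey server.key -days 365 2>/dev/null &&
        chmod 400 server.key server.csr server.pem
    )
}

# check_pair DIR: prints "ok", or one word naming the first problem found.
check_pair() {
    key="$1/server.key"; crt="$1/server.pem"
    # A key that still carries a passphrase makes httpd prompt at every start.
    openssl rsa -in "$key" -passin pass: -noout </dev/null 2>/dev/null ||
        { echo encrypted-key; return 1; }
    # Both commands emit the public key as PEM; the text must be identical.
    k=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ] || { echo key-cert-mismatch; return 1; }
    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo expired; return 1; }
    mode=$(stat -c %a "$key")   # GNU stat, as on the CentOS host the page uses
    [ "$mode" = 400 ] || { echo "key-mode-$mode"; return 1; }
    echo ok
}

# Demo on constructed input in a scratch directory; prints "ok"
d=$(mktemp -d) && make_selfsigned "$d" && check_pair "$d"; rm -rf "$d"
```

On the server itself, check_pair /etc/pki/tls/certs gives the same verdict for the files created in the steps above.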