共计 1720 个字符,预计需要花费 5 分钟才能阅读完成。
CentOS 生成自签名证书配置 Apache https
apache 的安装就不用说了
1. 安装完 apache 之后,安装 mod_ssl 和 openssl
yum install mod_ssl openssl
2. 安装完成之后,配置 iptables 打开 443 端口, 这时其实已经可以访问 https 了,但是我们看证书详情的时候显示
Issued to: localhost.localdomain
Issued by: localhost.localdomian
颁发者: localhost.localdomain
颁发给: localhost.localdomain
———————————————————————-
下面我们生成自签证书
3. 生成密钥
openssl genrsa -out test.com.key 2048
4. 生成证书请求文件,运行之后会出现一大堆要输入的东西,输入之后就生成.csr 的文件了
openssl req -new -key test.com.key -out test.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:test.com
Organizational Unit Name (eg, section) []:test
Common Name (eg, your name or your server’s hostname) []:www.test.com
Email Address []:root@test.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:test
5. 生成证书 crt
openssl x509 -req -days 365 -in test.com.csr -signkey test.com.key -out test.com.crt
6. 复制文件到相应的目录
cp test.com.crt /etc/pki/tls/certs
cp test.com.key /etc/pki/tls/private/
cp test.com.csr /etc/pki/tls/private/
7. 修改配置文件
vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/test.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/test.com.key
8. 重启 apache
service httpd restart
9. 这时再使用 https 访问,查看证书详情的时候就会看到
Issued to: www.test.com
Issued by: www.test.com
颁发者: www.test.com
颁发给: www.test.com
本文永久更新链接地址 :http://www.linuxidc.com/Linux/2017-01/139684.htm
