1. Install httpd and mod_ssl
# yum -y install httpd mod_ssl
2. Remove the default ssl.conf (it defines its own :443 virtual host and would conflict with the one added below)
# rm -rf /etc/httpd/conf.d/ssl.conf
3. Create the document root and a test page
# mkdir -p /data/web_data
# echo "welcome to my web" > /data/web_data/index.html
4. Add the virtual host configuration
# vim /etc/httpd/conf.d/virthost.conf
Add the following:

<VirtualHost *:80>
    ServerName www.rj.com
    DocumentRoot "/data/web_data"
    <Directory "/data/web_data">
        Require all granted
    </Directory>
</VirtualHost>

Listen 192.168.10.2:443
<VirtualHost *:443>
    ServerName www.rj.com
    DocumentRoot "/data/web_data"
    # Enable SSL. Placed inside a <VirtualHost>, the directive applies only to
    # that virtual host, so this one site is served entirely over SSL. Placed
    # outside any <VirtualHost>, it applies globally: the whole server speaks
    # only SSL (HTTPS) and plain HTTP no longer works. That is why it normally
    # goes inside the virtual host. (httpd does not allow comments on the same
    # line as a directive, so the comment sits on its own lines.)
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/httpd.crt
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    <Directory "/data/web_data">
        Require all granted
    </Directory>
</VirtualHost>
5. Set up the CA and issue the server certificate
# cd /etc/pki/CA
# touch index.txt
# echo 00 > serial
# (umask 066; openssl genrsa -out private/cakey.pem 4096)
# openssl req -new -x509 -key private/cakey.pem -out cacert.pem -days 3650
# mkdir /etc/httpd/ssl && cd /etc/httpd/ssl
# (umask 066; openssl genrsa -out httpd.key 1024)
# openssl req -new -key httpd.key -out httpd.csr
# openssl ca -in httpd.csr -out httpd.crt -days 365
6. Start the service
# systemctl stop firewalld
# setenforce 0
# systemctl restart httpd
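Before restarting httpd it is worth confirming that the files from step 5 actually fit together: the server certificate must chain to the CA certificate, and httpd.crt must belong to httpd.key, otherwise httpd refuses to start or browsers reject the site. The check below is an added example, not part of the original how-to; it assumes the file names used above (cacert.pem, httpd.crt, httpd.key) and also flags the RSA key size, since the 1024-bit key generated in step 5 is treated as too weak by current TLS clients.

```shell
#!/bin/sh
# Added example: verify a CA cert / server cert / server key triple before use.
# Usage: check_httpd_cert /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.crt /etc/httpd/ssl/httpd.key
check_httpd_cert() {
    ca="$1"; crt="$2"; key="$3"

    # 1. The server certificate must verify against the CA we created.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 || {
        echo "FAIL: $crt does not chain to $ca"; return 1; }

    # 2. The certificate and the private key must belong together:
    #    compare the public key embedded in each (hashed for easy comparison).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] || {
        echo "FAIL: $key is not the private key for $crt"; return 1; }

    # 3. Report the RSA modulus size; warn if it is below 2048 bits.
    bits=$(openssl x509 -in "$crt" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WARN: $crt uses a ${bits}-bit RSA key; 2048 bits or more is expected"
    fi

    echo "OK: $crt chains to $ca and matches $key"
    return 0
}
```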
On client machines, install the CA root certificate into the Trusted Root Certification Authorities store and any sub-CA certificate into the Intermediate Certification Authorities store.
Conversion command (PEM to DER for Windows import):
# openssl x509 -outform der -in cacert.pem -out cacert.crt