httpd with SSL

One, a simplified SSL session process

1. On the first visit to an encrypted site, the client sends the encryption methods it supports and requests the server's certificate; the server does not respond with data immediately

2. The server sends the selected encryption method and its certificate to the client

(Because site A's certificate contains A's public key signed with the CA's private key, the CA information and the expiry time, this step is equivalent to the client obtaining site A's public key)

3. The client obtains the certificate and verifies it, provided it trusts the CA that issued the certificate:

(a) verify the legitimacy of the certificate's source: decrypt the certificate's digital signature with the CA's public key
(b) verify the certificate's integrity
(c) check the certificate's validity period
(d) check whether the certificate has been revoked
(e) the certificate owner's name must match the target host being accessed

The client then generates a temporary session key (a symmetric key), encrypts it with the server's public key and sends it to the server, completing the key exchange

4. The server encrypts the requested resource with this session key and responds to the client

5. Subsequent communication continues to use this session key

Note: SSL is implemented on the basis of the IP address; a host with a single IP can only serve one https site

Two, how httpd implements https

Process:
2.1 Request a digital certificate for the server
  • Create a private CA

  • Create a certificate signing request on the server

  • The CA signs the request

2.2 Configure httpd to support ssl and use the certificate
	yum -y install mod_ssl  

Configuration file: /etc/httpd/conf.d/ssl.conf

  • DocumentRoot

  • ServerName

  • SSLCertificateFile

  • SSLCertificateKeyFile

Example:
  1. Create the relevant certificates

    openssl genrsa 2048 > cakey.pem
    openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650
    openssl req -newkey rsa:1024  -days 365 -nodes -keyout httpd.key > httpd.csr
    openssl x509 -req -in httpd.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 > httpd.crt
    

    Note: the Common Name entered last when creating httpd.csr must be the hostname of the encrypted website that will be accessed

    Common Name (eg, your name or your server's hostname) [ ]:www.a.com

  2. Install the ssl module

    yum -y install mod_ssl
    
  3. Modify the configuration

    [root@node1 ~]# vim /etc/httpd/conf.d/ssl.conf
    

    ssl.conf is the ssl configuration file generated when the module is installed

    <VirtualHost _default_:443>
    DocumentRoot "/data/asite"
    <Directory /data/asite>
    require all granted
    </Directory>
    SSLCertificateFile /data/dd/httpd.crt
    SSLCertificateKeyFile /data/dd/httpd.key
    SSLCACertificateFile /data/dd/cacert.pem
    </VirtualHost>
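The whole procedure in one script, as an added example that is not part of the original post: it creates the private CA, issues the server certificate, and then performs the client-side checks from section one (CA signature and validity period via openssl verify, owner name against the host being accessed). The temporary directory, the hostnames www.a.com and www.b.com, and the subjectAltName line (which the post's CN-only certificate does not have) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the post's own commands. Requires the openssl CLI.
set -eu

# Private CA: a key plus a self-signed CA certificate valid for 10 years.
make_private_ca() {            # $1 = output prefix -> $1.key, $1.crt
    openssl genrsa -out "$1.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$1.key" -days 3650 \
        -subj "/CN=Private Test CA" -out "$1.crt"
}

# Server certificate: the CSR is made on the server, then the CA signs it.
# The Common Name and a subjectAltName are both set to the site name, because
# current clients match the hostname only against the SAN (an addition here).
issue_server_cert() {          # $1 = CA prefix, $2 = output prefix, $3 = hostname
    openssl req -newkey rsa:2048 -nodes -keyout "$2.key" \
        -subj "/CN=$3" -out "$2.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\n' "$3" > "$2.ext"
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" -CAcreateserial \
        -days 365 -extfile "$2.ext" -out "$2.crt" 2>/dev/null
}

# The checks a client runs on the certificate it receives: CA signature and
# validity period (openssl verify), then owner name versus the accessed host.
# Prints ok, chain-invalid or name-mismatch.
verify_server_cert() {         # $1 = server cert, $2 = trusted CA cert, $3 = host accessed
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 \
        || { echo chain-invalid; return 1; }
    openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match' \
        || { echo name-mismatch; return 1; }
    echo ok
}

work=$(mktemp -d)                                   # assumed scratch location
make_private_ca "$work/ca"
issue_server_cert "$work/ca" "$work/www.a.com" www.a.com
verify_server_cert "$work/www.a.com.crt" "$work/ca.crt" www.a.com          # ok
verify_server_cert "$work/www.a.com.crt" "$work/ca.crt" www.b.com || true  # name-mismatch
make_private_ca "$work/other-ca"                    # a CA the client would not trust
verify_server_cert "$work/www.a.com.crt" "$work/other-ca.crt" www.a.com || true  # chain-invalid
```

The three results correspond to checks (a)/(c), (e) and (a) from section one; revocation (d) is not covered because the private CA here publishes no CRL.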
    

Origin blog.csdn.net/qq_36801585/article/details/104452338