1. Install mod_ssl package
[root@bogon conf.d]# yum install -y mod_ssl
2. Change the directory to /etc/pki/tls/certs/ and check if there is a Makefile
[root@bogon conf.d]# cd /etc/pki/tls/certs/
[root@bogon certs]# ll
3. Create a certificate file
[root@bogon certs]# make zhengshu.crt
[root@bogon certs]# make zhengshu.crt
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > zhengshu.key
Generating RSA private key, 2048 bit long modulus (2 primes)
.............................................+++++
...............+++++
e is 65537 (0x010001)
Enter pass phrase: //设置密码
Verifying - Enter pass phrase: //再次确认密码
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key zhengshu.key -x509 -days 365 -out zhengshu.crt -set_serial 0
Enter pass phrase for zhengshu.key: //与上述密码相同
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:86 //国家代码
State or Province Name (full name) []:sx //省份
Locality Name (eg, city) [Default City]:xi'an //城市
Organization Name (eg, company) [Default Company Ltd]:beixin //公司名
Organizational Unit Name (eg, section) []:ce //部门
Common Name (eg, your name or your server's hostname) []:www.ceshi.com //服务主机名
Email Address []:[email protected] //邮箱
4. Compile configuration files (refer to /etc/httpd/conf.d/ssl.conf file)
[root@bogon certs]# cd /etc/httpd/conf.d/
[root@bogon conf.d]# vim vhost-https.conf
<virtualhost 192.168.74.130:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/zhengshu.crt //指定证书路径
SSLCertificateKeyFile /etc/pki/tls/certs/zhengshu.key //指定密钥文件路径
documentroot /www/https
servername 192.168.74.130
</virtualhost>
<directory /www/https>
allowoverride none
require all granted
</directory>
5. Create the root directory of web page files and define web content
[root@bogon ~]# mkdir -p /www/https
[root@bogon ~]# echo this is https > /www/https/index.html
6. Restart httpd service (password required)
[root@bogon ~]# systemctl restart httpd
7. Command line test
8. Test in the host browser