HTTPS is HTTP carried over a secure channel: an SSL layer is added beneath HTTP. The security of HTTPS rests on SSL, so the details of the encryption are those of SSL.
The following describes the steps to set up an HTTPS service under httpd 2.2.
1. Create a private CA:
Use the openssl command; for a detailed introduction see: http://blog.51cto.com/papapa213/2096589
1) Create the CA's private key:
(umask 077;openssl genrsa -out /etc/pki/CA/private/cakey.pem 2048)
2) Generate self-signed certificate:
openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3653
After that, fill in the requested information at the interactive prompts, such as country, region, city and organization; the generated certificate is encrypted data.
3) Complete the directory and text file structure required by the CA:
touch /etc/pki/CA/index.txt
echo 01 > /etc/pki/CA/serial
2. Create https site:
1) Generate a key for the httpd server and generate a certificate request:
openssl genrsa -out /etc/httpd/ssl/httpd.key 2048
openssl req -new -key /etc/httpd/ssl/httpd.key -out /etc/httpd/ssl/httpd.csr -days 3653
2) Issue a certificate on the CA:
openssl ca -in /etc/httpd/ssl/httpd.csr -out /etc/pki/CA/certs/httpd.crt -days 3653
3) Send the certificate issued by the CA to the httpd server:
cp /etc/pki/CA/certs/httpd.crt /etc/httpd/ssl/
4) Delete the certificate request file
rm -f /etc/httpd/ssl/httpd.csr
5) Configure ssl support on httpd server
①Install mod_ssl module:
yum -y install mod_ssl
②Modify the content in the /etc/httpd/conf.d/ssl.conf configuration file
<VirtualHost 192.168.109.2:443>
....
DocumentRoot "/myvhost/https"
ServerName ....
SSLCertificateFile /etc/httpd/ssl/httpd.crt
SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
...
③Add a new webpage:
echo "https" > /myvhost/https/index.html
The site can now be visited at https://192.168.109.2
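
The following script is an added example, not part of the original article: it checks the files produced by the steps above, confirming that httpd.key belongs to httpd.crt, that the certificate verifies against the private CA, and that the key file is not readable by group or others. The function names and the throwaway data built by demo_pki are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# only standard openssl subcommands are used.

# key_matches_cert CERT KEY: succeeds if KEY is the private key for CERT.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_chains_to CA CERT: succeeds if CERT verifies against the CA certificate.
# The printed verdict is matched, so the check does not depend on the exit status.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_is_private KEY: succeeds if group and others have no access to KEY.
key_is_private() {
    case "$(ls -ln "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_site CA CERT KEY: run all three checks; fail if any of them fails.
check_site() {
    rc=0
    key_matches_cert "$2" "$3" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_chains_to "$1" "$2"   || { echo "FAIL: certificate not issued by this CA"; rc=1; }
    key_is_private "$3"        || { echo "FAIL: key readable by group/others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2"
    return "$rc"
}

# demo_pki DIR: build a throwaway CA and server pair (constructed sample data).
demo_pki() {
    ( umask 077; cd "$1" || exit 1
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
          -subj "/CN=Demo CA" -days 1 2>/dev/null
      openssl req -new -newkey rsa:2048 -nodes -keyout srv.key -out srv.csr \
          -subj "/CN=demo.example" 2>/dev/null
      openssl x509 -req -in srv.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
          -out srv.crt -days 1 2>/dev/null )
}

# On the server from this page:
# check_site /etc/pki/CA/cacert.pem /etc/httpd/ssl/httpd.crt /etc/httpd/ssl/httpd.key
```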