In this document, we will use a self-signed certificate. It is assumed that CentOS has Apache web server installed. We need to generate a self-signed certificate using OpenSSL. If OpenSSL is not already installed, it can be installed using yum.
# yum install mod_ssl openssl
After the installation is complete, the /etc/httpd/conf.d/ssl.conf file is generated automatically; it is used in the configuration below.
The following commands generate a self-signed certificate.
First, generate a 2048-bit RSA private key:
# openssl genrsa -out server.key 2048
Then, generate a Certificate Signing Request (CSR). The command prompts for several fields, such as country, province, city and company.
# openssl req -new -key server.key -out server.csr
Finally, generate a self-signed X.509 certificate. The validity period is set to 3650 days, that is, 10 years.
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
After the certificate is created, copy the files to the corresponding directories.
# cp server.crt /etc/pki/tls/certs/
# cp server.key /etc/pki/tls/private/
# cp server.csr /etc/pki/tls/private/
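The three openssl steps above can also be run without prompts and checked before the files are copied. The script below is an added example, not part of the original page; the function names and the two arguments (an output directory and a host name such as www.example.com) are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive key/CSR/certificate generation with checks.
# Usage (assumed): sh make_cert.sh OUTPUT_DIR HOSTNAME

# make_selfsigned DIR CN: write server.key, server.csr and server.crt to DIR.
make_selfsigned() {
    dir=$1 cn=$2
    # Create the key under a restrictive umask so it is never world-readable.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    chmod 600 "$dir/server.key"
    # -subj supplies the CSR fields that openssl would otherwise prompt for.
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
    openssl x509 -req -days 3650 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# key_matches_cert KEY CRT: succeed only if CRT contains KEY's public key.
# A mismatched pair in ssl.conf stops httpd from starting.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_is_current CRT: succeed if CRT has not expired yet.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run only when both arguments are given.
if [ "$#" -eq 2 ]; then
    make_selfsigned "$1" "$2" &&
    key_matches_cert "$1/server.key" "$1/server.crt" &&
    cert_is_current "$1/server.crt" &&
    echo "OK: key and certificate match and the certificate is valid"
fi
```

The same two check functions can be pointed at the copies under /etc/pki/tls before restarting httpd.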
First, modify the configuration file below. Only the SSLCertificateFile and SSLCertificateKeyFile directives need to be configured.
# vim /etc/httpd/conf.d/ssl.conf
### overwrite the following parameters ###
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
Adjust the virtual host
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
<Directory /var/www/html/virtual-web>
AllowOverride All
</Directory>
# Document root directory of the site
DocumentRoot /var/www/html/virtual-web
ServerName www.example.com
</VirtualHost>
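Restart the httpd service for the changes to take effect:
# service httpd restart
Force the Apache web server to always use HTTPS
Force the entire main site to use HTTPS (global site)
To force the main site to use HTTPS, modify the httpd configuration file as follows: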
# vim /etc/httpd/conf/httpd.conf
ServerName www.example.com:80
Redirect permanent / https://www.example.com/
Restart the Apache server for the configuration to take effect:
# service httpd restart
Force a virtual host (single site)
To force a single site on a virtual host to use HTTPS, configure its HTTP virtual host as follows:
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
Restart the Apache server for the configuration to take effect:
# service httpd restart
With the single site using HTTPS throughout, http://www.example.com is forcibly redirected to https://www.example.com