Configuring an HTTPS web server
Case 1: Configuring Secure Web Services
1.1 Problem
This case requires configuring TLS encryption for the site http://server0.example.com
The signed certificate is obtained from http://classroom/pub/tls/certs/server0.crt
The private key for this certificate is obtained from http://classroom/pub/tls/private/server0.key
The certificate of the signing authority (CA) is obtained from http://classroom/pub/example-ca.crt
1.2 Solution
Secure web transport protocol and port: TCP 443
Access the HTTP site (unencrypted): http://server0.example.com/
Access the HTTPS site (encrypted): https://server0.example.com/
For the httpd server to provide TLS encryption, two conditions must be met: 1) the mod_ssl module is enabled; 2) the encryption material is provided: the web server's digital certificate, the private key, and the root certificate of the authority that issued the web server's certificate
TLS certificate deployment location: /etc/pki/tls/certs/*.crt
TLS private key deployment location: /etc/pki/tls/private/*.key
1.3 Steps
This case is implemented in the following steps.
Step one: Configure the HTTPS web server
1) Install the mod_ssl package
[root@server0 ~]# yum -y install mod_ssl
....
2) Deploy the key, certificates and other material
[root@server0 ~]# cd /etc/pki/tls/certs/
[root@server0 certs]# wget http://classroom/pub/example-ca.crt
....
2016-11-27 01:04:51 (116 MB/s) - ‘example-ca.crt’ saved [1220/1220]
[root@server0 certs]# wget http://classroom/pub/tls/certs/server0.crt
....
2016-11-27 01:04:06 (62.1 MB/s) - ‘server0.crt’ saved [3505/3505]
[root@server0 certs]# ls *.crt    # confirm the deployment results
ca-bundle.crt example-ca.crt server0.crt
ca-bundle.trust.crt localhost.crt
[root@server0 certs]# cd /etc/pki/tls/private/
[root@server0 private]# wget http://classroom/pub/tls/private/server0.key
....
2016-11-27 01:07:09 (39.0 MB/s) - ‘server0.key’ saved [916/916]
3) Configure the secure site in the SSL virtual host
[root@server0 ~]# vim /etc/httpd/conf.d/ssl.conf
Listen 443 https
....
<VirtualHost _default_:443>
# Web directory
DocumentRoot "/var/www/html"
# Site's domain name
ServerName server0.example.com:443
....
# Web site certificate
SSLCertificateFile /etc/pki/tls/certs/server0.crt
....
# Site private key
SSLCertificateKeyFile /etc/pki/tls/private/server0.key
....
# Root certificate
SSLCACertificateFile /etc/pki/tls/certs/example-ca.crt
....
</VirtualHost>
4) Restart the httpd service
[root@server0 ~]# systemctl restart httpd
[root@server0 ~]# netstat -antpu | grep httpd    # verify that httpd is listening on ports 80 and 443
tcp6       0      0 :::443      :::*      LISTEN      7954/httpd
tcp6       0      0 :::80       :::*      LISTEN      7954/httpd
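A pre-restart check for the material deployed in step 2, given here as an added example that is not part of the original page: it confirms that the certificate chains to the CA, that the private key matches the certificate, and that the key file is readable by its owner only. The function names and the throwaway demo CA are constructed for this example, and it assumes openssl and GNU stat are installed.

```bash
#!/bin/bash
# Added example, not from the original page. Assumes openssl and GNU stat.

# check_tls_material CERT KEY CA -> prints OK (rc 0) or FAIL (rc 1..3)
check_tls_material() {
    local cert_pub key_pub perms
    # 1) The certificate must chain to the CA named in SSLCACertificateFile.
    #    Match on the ": OK" text: old OpenSSL releases exit 0 on failure.
    openssl verify -CAfile "$3" "$1" 2>/dev/null | grep -q ': OK$' ||
        { echo "FAIL: $1 is not issued by $3"; return 1; }
    # 2) Certificate and private key must carry the same public key,
    #    otherwise httpd refuses to start after the restart.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read key $2"; return 2; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: $2 does not match $1"; return 2; }
    # 3) The key must be readable by its owner only. A file fetched with
    #    wget under the default umask 022 is created as 644.
    perms=$(stat -c %a "$2")
    case "$perms" in
        [46]00) ;;
        *) echo "FAIL: $2 has mode $perms, expected 600"; return 3 ;;
    esac
    echo "OK"
}

# Constructed throwaway CA, server certificate and key, so the check
# can be exercised offline without touching /etc/pki/tls.
make_demo_material() {
    ( cd "$1" || exit 1
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=Constructed Demo CA" -days 1 2>/dev/null
      openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
          -subj "/CN=server0.example.com" 2>/dev/null
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out server.crt -days 1 2>/dev/null
      chmod 600 server.key )
}

case "${1:-}" in
    demo) d=$(mktemp -d) && make_demo_material "$d" &&
          check_tls_material "$d/server.crt" "$d/server.key" "$d/ca.crt" ;;
    ?*)   check_tls_material "$@" ;;
esac
```

Run it with the argument demo to exercise the check on the constructed material, or pass the three paths from ssl.conf (server0.crt, server0.key, example-ca.crt) to check the deployed files; a mode failure is fixed with chmod 600 on the key.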
Step two: Verify HTTPS encrypted access
Use the Firefox browser to access the encrypted site https://server0.example.com/. The page warns "This Connection is Untrusted" (see Figure 2).
Figure 2
To continue, click the "I Understand the Risks" link at the bottom of the page to indicate that you understand the associated risks, then click the "Add Exception" button in the expanded section (see Figure 3).
Figure 3
In the Add Security Exception dialog that pops up (see Figure 4), click the "Confirm Security Exception" button in the lower left corner to confirm the security exception.
Figure 4
The content of the corresponding page is then displayed, confirming success (see Figure 5).
Figure 5