https
########https#######
1.https定義
Hyper text transfer protocol over Secure socker layer
通過ssl
如果加密的通信非常重要,而經過驗證的身份不重要,管理員可以通過生成self-
signed certificate來避免與認證機構進行交互所帶來的復雜性。
使用genkey實用程序(通過crypto-utils軟件包分發),生成自簽名證書及其關聯的
私鑰。為了簡化起見,genkey將在“正確”的位置(/etc/pki/tls目錄)創建證書及其
關聯的密鑰。相應地,必須以授權用戶(root)身份運行該實用程序。
2.配置
yum install mod_ssl -y
yum install crypto-utils -y
genkey www.westos.com
[[email protected] virtual]# genkey www.westos.com ##配置鑰匙
@@@@@@@
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.6165 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.6165
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
@@@@@@@@
/etc/pki/tls/private/www.westos.com.key
/etc/pki/tls/certs/www.westos.com.crt
vim /etc/httpd/conf.d/login.conf
[[email protected] conf.d]# ls
autoindex.conf login.conf php.conf squid.conf userdir.conf
default.conf news.conf README ssl.conf welcome.conf
[[email protected] conf.d]# vim ssl.conf ##添加加密字符文件
@@@@@@
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you‘ve both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
@@@@@@@
[[email protected] conf.d]# vim login.conf
<Virtualhost *:443>
ServerName "login.westos.com"
DocumentRoot "/var/www/virtual/login.westos.com/html"
CustomLog "logs/login.log" combined
SSLEngine on ##開啟https功能
SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt ##證書
SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key ##密鑰
</Virtualhost>
<Directory "/var/www/virtual/login.westos.com/html">
Require all granted
</Directory>
</Virtualhost *:80> ##網頁重寫實現自動訪問(把所有80端口的請求全部重定向由https來處理)
ServerName login.westos.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</Virtualhost>
^(/.*)$ http://%{HTTP_HOST}$1 [redirect=301]
^(/.*)$ ##客戶主機在地址欄中寫入的所有字符,除過換行符
http:// ##定向成為的訪問協議
%{HTTP_HOST} ##客戶請求主機
$1##$1的值就表示^(/.*)$ 的值
[redirect=301] ##臨時重定向 302表示永久定向
mkdir /var/www/virtual/login.westos.com/html -p
vim /var/www/virtual/login.westos.com/html/index.html
systemctl restart httpd
測試:
在客戶主機中添加解析
172.25.254.113 login.westos.com
訪問http://login.westos.com 會實現自動調轉
https://login.westos.com 實現網頁數據加密傳送
本文出自 “AELY木” 博客,請務必保留此出處http://12768057.blog.51cto.com/12758057/1926547
https